Itts Final Requirement Vince Ugalde

UNIVERSITY OF CAGAYAN VALLEY
Tuguegarao City, Cagayan, Philippines
FINAL REQUIREMENT
NARRATIVE REPORTS IN THE SUBJECT

I.T. TRIPS AND SEMINARS/WEBINARS
First Semester, Academic Year 2021-2022
In Partial Fulfillment
of the Requirements for the Degree
Bachelor of Science in Information Technology
Submitted by
VINCE B. UGALDE
BSIT-4A
Submitted to
APRILIZA M. CARAG
Instructor
PRELIM COVERAGE
Webinar 1 Information:
Topic: Cybercrime Prevention and Law in the Philippines
Organized by: DICT Luzon cluster 3 - Camarines Norte
Speaker: Imee M. Abardo
Date: August 26,2021
Duration: 3 hours
Background of the topic:
The lecture focuses on the overview, history, and updates in

cybercrime in the Philippine setting. The pre-emption, prevention
and prosecution of cybercrime such as offenses against the
confidentiality, integrity, and availability of computer data
systems, computer data and systems, computer related offenses are
emphasized also in the lecture. The topic also provides
substantive provisions of law and procedural measures will be
undertaken by the competent government authorities and law
enforcement authorities, and in understanding the technical
nature of cybercrimes, and in formulating technical mechanisms to
counter them.
Webinar Narrative:
Last August 26, Cybercrime Prevention and Law in the Philippines

Webinar was conducted via zoom and fb live, I was able to join
via zoom which has a lot of students from different schools all
over the Philippines have joined. Our guest speaker is ma’am Imee
Abardo and she discussed all her topics below.
2.1 The first topic is all about Cybercrime offenses and

penalties. Which she discussed about the possible offenses and
penalties under R.A 10175.
 under section 4 R.A 10175, offenses in this act are

categorized into three groups;
A. Cybercrime is the misuse of computers and other electronic

devices in a way that compromises the confidentiality,
integrity and availability of computer data and systems.
Illegal Interception, Data Interference, System
Interference, Misuse of Devices, and cyber-squatting are all
part of this group.
Penalties
1. Imprisonment of prision mayor or a fine of at least two

hundred thousand pesos up to a minimum amount commensurate
to the damage incurred or both.
2. Under misuse of devices imprisonment of prision mayor or a
fine of not more than five hundred thousand pesos or both.
3. If punishable acts in section 4 are committed against
critical infrastructure, the penalty of reclusion temporal
or a fine of at least five hundred thousand pesos up to
maximum amount commensurate to the damage incurred both,
shall be imposed.
B. Computer-related offenses, Computer-related forgery,

computer-related fraud, computer-related identify theft are
all part of this group.
Penalties
1. Imprisonment of prision mayor or a fine of at least two

hundred thousand pesos up to a maximum amount commensurate
to the damage incurred or both.
C. Content-related offenses – cybersex, child pornography,

unsolicited commercial communications, and libel are all
part of this group.
Penalties
1. Cybersex – Imprisonment of prision mayor or a fine of at

least two hundred pesos but not exceeding one million
pesos or both.
2. Child pornography - Shall be punished with the penalties
as enumerated in Republic Act No. 9775 or the “Anti Child
Pornography of 2009”, provided that the penalty to be
imposed shall be one degree higher than that provided for
in Republic Act No. 9775, if committed through a computer
system.
3. Unsolicited commercial communication – Imprisonment of
arresto mayor or a fine of at least fifty thousand pesos
but not exceeding two hundred thousand pesos or both.
4. Imprisonment one degree lower than that of the prescribed
penalty for the offense or a fine of at least one hundred
thousand pesos but not exceeding five hundred thousand
pesos or both.
2.2 The second topic is all about the Enforcement and

Implementation. In which the speaker discussed who are
responsible to enforce the law and the different kinds of
warrants on cybercrime here in the Philippines. Our speaker also
discussed Jurisdiction, International Cooperation, 5 Crimes and
Laws which Co-exist with other cybercrime offenses about their

roles and contribution in cybercrime.
 The National Bureau of Investigation and the Philippine

National Police shall be responsible for the efficient and
effective law enforcement of the provisions of the Act.
 Duties of Law Enforcement Authorities

1. To ensure that the technical nature of cybercrime and its
prevention is given focus.
2. To submit timely and regular reports including pre-
operation, post-operation and investigation results and
such other documents.
 Conditions in order for cybercrime court to be issued
 Court warrants on cybercrime
1. Written applications and the examination under oath pr
affirmation for the applicant and the witnesses he may
product.
2. Produce reasonable grounds showing that;
a. That any of the crimes enumerated hereinabove has been
committed, or is being committed, or is about to be
committed.
b. That evidence that will be obtained is essential to the
conviction of any person for, or to the solution of, or
to the prevention of, any such crimes.
 Kinds of court warrant on cybercrime
1. Warrant to Disclose computer data
2. Warrant to intercept computer data
3. Warrant of search, seize and examine computer data
4. Warrant to examine computer data
Jurisdiction
 The Regional Trial Court shall have jurisdiction over any

violation of the provisions of this Act, including any
violation committed by a Filipino national regardless of
the place of commission.
International Cooperation
 All relevant international instrument on international

cooperation in criminal matters, arrangements agreed on
the legislation, and domestic laws, to the widest extent
possible for the purposes of investigations or proceedings
concerning criminal offenses related to computer systems
and data, or for the collections of evidence in electronic
form of a criminal, offense shall be given full force and
effect.
Crimes and Laws which Co-exist with other cybercrime offenses
1. Cyber Bullying
2. Philippine Copyright Law
3. Photo & Video Voyeurism
4. Child Abuse
5. Trafficking in Persons
After ma’am Imee Abardo discussed all her topics she allowed
all the participants/students to proceed to a question and answer
portion in this webinar. Many students from different schools
were able to asked our speaker different questions about her
topics and all their questions have curiosity and they want to be
enlightened and have a knowledge about it. In the end our speaker
answered all their questions. Lastly, before the webinar end
Mr.Ralph Dela Torre one of the staff of DICT, he gave the
certificate of appreciation to our speaker ma’am Imee Abardo.
Learnings from the webinar
 Cybercrime nowadays is one of the famous crimes that I’ve

heard personally and to be honest I don’t know much about
it. I’m so blessed that I have attended webinar last
August 26,2021 and I’ve learned a lot of things that I was
previously ignorant about it. In this webinar I learned
computer related crimes, legal measures in the
Philippines, and to be familiar on cybercrime pre-emption,
prevention and prosecution of cybercrimes, various types
of cybercrime, procedural laws relating to cybercrimes and
I also learned the possible penalties for people who break
cybercrime laws. I’m very thankful to be a part of this
webinar and I hope that all knowledge I’ve gain on this I
can use in the future.
Webinar link:
https://us02web.zoom.us/w/83723844783?
tk=ueNjkvUmmUPHrukYd71LGLFsBcKSqVAgV97B8Qyzalo.DQMAAAATflR8rxZ1ZF
RaZmpwY1RqU2M3RXBMR29lRFp3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_
Usrs9hjdQJC4duhnIeSFmw
Screenshots of the webinar:

Certificate of Completion/Participation
Webinar 2 Narrative
Topic: Cloud Security best Practices with Microsoft azure
Speaker: Hermes Miraflor
Duration: 3hours

The topic discussed when using a cloud computing service provided

by a public cloud provider, data, and applications are hosted
with a third party, making a fundamental difference between cloud
computing and traditional IT, where most data are within a self-
controlled network and they also discussed about azure and cloud
security.
Webinar Narrative:
Last August 29 at 9am-12noon, Cloud Security best Practices

with Microsoft azure webinar was conducted via zoom/fb live but I
was able to join with zoom. Our resource speaker Mr. Hermes
Miraflor discussed all his topic below.
2.1 The first topic are it talks about the different types of
Cloud Models.
1. Public Cloud – Owned by cloud services or hosting provider

 Provides resources and services to multiple organizations
and users.
 Accessed via secured network connection typically over the
internet.
2. Private Cloud
 Self-service access to compute resources provided to users
within the organization. Owned and operated by the
organizations that create a cloud environment in their
data center, an organization that responsible for
operating the services they provide from their own data
centers.
3. Hybrid Cloud
 Combines Public and Private clouds to allow applications

to run in the most appropriate.
2.2 The second topic are the different types of Cloud Services.
1.Infrastructure as A Service (IAAS)
 Build pay-as-out-go IT infrastructure by renting servers,

virtual machines, storage, networks, and operating systems
from a cloud provider.
 Most basic cloud computing services category.
 Instant computing infrastructure, provisioned and managed
over the internet.
2. Platform as a Service (PaaS)
 Provides environment for building, testing, and deploying
software applications.
 Helps create applications quickly, without focusing on
managing underlying infrastructure.
3. Software as a Service (SaaS)

 Centrally hosted and managed software for end users. User
connect to and use cloud-based apps over the internet.
2.3 Azure
 Azure is the only consistent hybrid cloud, productive for

developer, the cloud for intelligent apps, and the cloud you
can trust.
2.4 Cloud Security
 Security is on cloud because, organizations are losing

ground to cyberattacks.
 Cloud security is a partnership- The security of cloud

service is a partnership between a user and cloud provider.
After our speaker discussed all his topic, just like our first
webinar we proceed to questions and answer portion, and a lot
of questions from the many students were thrown to our speaker
and he was able to answered all of them, after that the
certificate of appreciation is provide to our guest speaker.
Learning from the webinar:
I’ve learned from this webinar are the different types of cloud
computing models, it’s been a blessing for me to have knowledge
about it because nowadays cloud computing is changing the face of
technology. As the speaker in the webinar said that it is
important for us to have basic knowledge and understanding that
cloud computing is the future of technology.
Webinar link:
tk=V8FY5V6TTKb0AZd0yRdDAeS1endE-
VV99PN5hjnqnzU.DQMAAAATX91vjxZFS2Y0dTM3UFJveWlfbG9YbFFkU2p3AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAA
Screenshots of the webinar

Certificate of Completion/Participation:
Topic: Password recovery using hashcat in kali linux
Speaker: Dr. Michael Angelo D. Brogada
Date: September 1, 2021
Duration: 3 hours
In this webinar they discussed an demonstrates the use of hashcat

as a tool for password recovery. They also discussed the concepts
of passwords hashing functions. The topics in this webinar are
password-based authentication, password hashing, authenticating
hashed passwords, online password recovery, virtual box, kali
linux and metasploitable2, and hashcat.
Webinar Narrative:
Last September 1, the third day of Cybersecurity Caravan our

webinar entitled Password recovery using hashcat in kali linux
was conducted via zoom/fb live. Our speaker is Mr. Michael Angelo
D. Brogada a professor from Bicol University and he discussed all
his topic below.
2.1 Password-based Authentication
 Authentication is the process of verifying positively a

user identity, device, or other entity in a computer
system. The password authentication becomes a standard and

predominant form of authentication during login process.
2.2 Password hashing
 Passwords undergo a hashing process and are saved in a

data base in a form of digest. A one-way transformation on
a password, turning the password into another string.
Storing user passwords in the plain text will result in a
breach of security if the password file is compromised.
2.3 Authenticating Hashed Passwords
 The authentication process then compares the stored hash

with the hashed of a user input, if the hash of users
password and a stored password hash is found to be equal,
the user is then granted authentication.
2.4 Online password recovery
On this part of our webinar our speaker gave us different

sites on where we can crack/recover our password by using all
this sites.
 Crackstaion.net – online cracking site that contains

190gb,15 billion-entry lookup table. These lookup tables
were generated by extricating words from the databases of
Wikipedia.
 Hashes.com – online hash lookup service it has been
829.726 billion decrypted MDS hashes. Looking upon this
cracked hashes is the simplest approach and is immune to
the calculation speed of different hash functions.
2.5 Virtual Box

 It allows to run another operating system virtually in a

computer. Use to default setting in the installation, it
supports windows, MAC and linux, Supports NAT network, used
to run multiple OS simultaneously can be used for testing
and disaster recovery, and extension pack is used to support
additional functionality.
2.6 Kali Linux
 Formerly known as Backtrack Linux is an open sourced, Debian

based linux distribution aimed at advanced penetration
testing and security auditing. Contains cool targeted toward
various operation security task, multiplatform solution,
accessible and freely available to information security
professionals and hobbyists.
2.7 Metasploitable2
 An intentionally vulnerable linux virtual machine can be

used to conduct security training, task security tools, and
practice common penetration testing techniques.
2.8 Hashcat
 Inside kali linux since it is used for penetration testing

has this software called hashcat it is considered to be the
world password checking tool, it is open source, it is
multiplatform and supports 350plus hashing types. It has an
attack mode, combination, brut-force, and it support OpenCL
runtime.
Lastly, Mr. Michael Angelo D. Brogada proceed to a question

answer portion as a part of the program in this webinar
regarding to our topic that came from the
participants/students, also our speaker sir Michael received

his certificate of appreciation.
Learnings from the webinar:
We know that passwords provide the first line of defense against

unauthorized access to our accounts. I’ve learned from this
webinar is that how important our password and how to recover it
using hashcat. I also learnt the different site that we can use
to recover password once we forgot it. In this webinar I also
understood the concepts of hashing for securing passwords to
avoid hackers treats.
Webinar link:
tk=eMrQrOjwITJMvpFta2RVeVb3z7VqPB6gOJLLCR34PrM.DQMAAAAUQMvwrRZVMF
lDSzZJRlNFMktid1dpVWI1bGt3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_
qJhYnhN1QCKlqaYSujCzrQ

Topic: Building a Cybersecurity Framework towards a secured

organization
Speaker: Teddy O. Patriarca
Date: September 2,2021
Duration: 3 hours
In this webinar they discussed a topic about cybersecurity

framework which are the cybersecurity and the framework overview,
the cybersecurity framework component, creating the framework
step-by-step procedure that can apply to different organizations.
Webinar narrative:
Last September 2, is the last day of a four day long cyber

security caravan our last webinar is entitled Building a
Cybersecurity Framework towards a secured organization. Our
speaker is Mr. Teddy Patriarca introduced his self to us and in
that very moment he was able to ask some question to us as
participants if we have knowledge about his topic and some of the
participants said yes but not all of us, and after that he began
to discussed all his topic below.
2.1 Framework Overview

 Threats – A cyber threat is a potential attack on a

organizations systems or networks that could harm the system
or the organization. Data breaches, social engineering,
blackhat hackers, mobile attack, and malwares are example of
cyberattacks.
 Vulnerabilities – A vulnerability is a weakness of an asset
that allows an attacker to gain access to a computer system
or other form of network infrastructure.
 Cybersecurity Risks – Risk can never be eliminated
completely, constantly fluctuates depending on the internal
and external factors. Risk severity depends on the presence
of vulnerabilities. Identifying threats and vulnerabilities
is critical to understanding the risks in today cyber
physical and cyber financial systems.
 Risk management – identifications, assessment, responding
and prioritization of risks. The goal is to prepare,
mitigate or even prevent for the unfortunate events.
2.2 Cybersecurity Framework Components
 Framework Core – It presents industry standards,

guidelines and best practices in a common language.
Contains activities, categories and outcomes using common
language.
There are four elements of framework core and this are;
1. Functions – Organize basic cybersecurity activities at

their highest level.
2. Categories – Are the subdivisions of a functions

containing the cybersecurity outcomes.
3. Sub-Categories – Further divisions of category providing
specific outcomes if a technical and/or management
level.
4. Informative – are specific sections of standards,
guidelines and practices that are common among critical
infrastructure sectors.
 Framework Tiers – The context how an organization view
cybersecurity risk. The organizations existing process to
manage that risk.
1. Partial – Lack of awareness of cybersecurity risk in an
organization level, as well as a lack of internal and
external participation. The risk management process is
not formalized.
2. Risk Informed – There is an awareness of cybersecurity
risk in organizational level but shared within the
organization in formal basis. Organization-wide approach
in managing cybersecurity risk is not yet established.
The organization understand its role with respect to its
dependencies/dependents and external participation but
not both.
3. Repeatable – Risk management process are viewed and
regularly updated based on changes in organizational wide
approach requirements, technology, approach to manage
risk. External participation is fully understand its role
on dependencies and dependents and contributes to
community to understand the risk.
4. Adaptable – Risk management process adapt and improve the
best practices based on activities, lessons learned and
predictors. Integrated risk management program an

organization-wide approach to manage risk, policies,
processes and procedures. Continuous awareness of
activities on their systems and networks.
2.3 Implementing the Framework step-by-step procedure
 Step 1- Prioritize and Scope
 Step 2- Orient
 Step 3- Create a Current Profile
 Step 4- Conduct Risk assessment
 Step 5- Create a Target Profile
 Step 6- Determine, Analyze, Prioritize Gaps
 Step 7- Implement Action Plan
Just like the past three webinars after the speaker

discuss all his topics, we proceeded to the question and
answer portion on the webinar and they gave a certificate to
our dear speaker. After that one of the staff of DICT
Camarines Norte extended his appreciation to all the
participants since the first day of the webinar up to the
last day and he also get that chance to invite us again to
their upcoming webinar in the future. Lastly the four days
long Cybersecurity Caravan is come to an end and we have
also the chance to fill up the completion form in able for
us to receive our certificate.
Cybersecurity is very important specially in an organization

because it protects all the important data. In this webinar I
learnt how dangerous threats in an organization, I also learned
risk management and how to implement it. I discovered on this

webinar that with all these cybersecurity threats or risks will
be able to manage carefully through implementing a cybersecurity
framework and build our resilience on it.
Webinar link:
tk=S12bOOKPVF1bTgshS2Vo2XH8dM4flmbUZXzkgmPPkFc.DQMAAAAUerl2_xZORD
dOTkNLZFR1U0hGU1dYODR2MjNnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_
tSvvJVgiQ-Oqb_N2fzfl7Q

MIDTERM COVERAGE
Topic: Cyber Security: How to protect your Digital Privacy and

identity
Organized by: WebsitesAdvice
Speaker: Mary Myka Paumba
Duration: 3 hours
The lecture focuses on how we protect our privacy especially in

this digital era. The concept of digital privacy can be best
described as the protection of the information of private
citizens who use digital mediums. Digital privacy centers on fact
that using digital mediums to conduct affairs, whether personal
or professional, can leave digital footprints.
Webinar Narrative:
Last August 21, the Websites Advice conducted a webinar via

Facebook live, which a lot of students from different
Universities all over the Philippines were able to join. So how
does the webinar help us as a student? What are the topics that
the speaker discussed? What are the benefits of it to us? Our
speaker is ma’am Mary Myka Paumba and she discussed How to
protect your Digital Privacy and identity below.
Safeguard your computer, we rely on our computers for many

different things we trust them to keep our information safe. One
of the biggest threats to computer safety is malware. This can
include viruses, spyware, trojan horses and other malicious
software. It's important to protect your computer and do your
best to keep it running smoothly in able for us to avoid all kind
of cyber threats.
Make Strong Passwords, we know that passwords provide the

first line of defense against unauthorized access to your
computer and personal information. Why do we need strong
passwords? Conversely a strong password makes it difficult for
hackers to break into a machine and will force them to look for
another target, the more complex the password is the lower the
likelihood that one will fall victim to such unwanted intrusion.
Mind your digital footprint, it is important for us to

Delete accounts or service you no longer use, avoid fake personal
information, Clear cookies, use incognito, use trusted extensions
and Privacy search engine in able for us to secure our browsing
data.
Be careful in social media, we need to utilize privacy settings,

avoid public post, only give relevant information, and think
before you post it can help us to avoid any social media threats
that can harm our privacy.
We can also avoid unsecure access through avoiding public

computers, avoiding public Wi-fi, avoiding many internets of
things.
After that our speaker allow us to proceed to questions and

answer portion, and a lot of questions from the many students
were thrown to our speaker and she was able to answered all of
them.
Lastly our speaker which is Ms. Mary Myka Paumba gave us the
evaluation link that we need to answer all the questions in able
for us to get our E-certificates.
I’ve learned from this webinar are the different strategies to

protect my digital privacy and identity by using all the
strategies discussed in the webinar. It’s been a blessing for me
to have knowledge about it because nowadays a lot of cybercrime
issues were happening in our world today, and also cybersecurity
are constant and conscious efforts to safeguard digital
information.
Webinar link:
https://www.facebook.com/websitesadvice/videos/544941620154821/

Certificate of Completion/Participation/Attendance:
Topic: Cyber Security: Mobile Security 101

Duration: 2 hours
Mobile device security is the practice of defending mobile

devices against wide range of cyberattack vectors that threaten
user’s privacy, network origin credentials, finances, and safety.
Webinar Narrative:
Last August 28, the Websites Advice conducted a webinar via

Facebook live, which a lot of students from different
Universities all over the Philippines were able to join.
Our speaker Ms. Myka Paumba discussed the possible steps in

order for us to protect our phone and mind us that those steps
are very easy or it’s really something that everybody can do.
First thing we need to do is create screen lock, the most

basic and most essential things that you need to do in order for
your phones not to be exposed in any kinds of threats or at least
decrease the likelihood of it being threatened by threats.
The next thing we need to do is avoid public wi-fi, whenever

you are connecting to a wi-fi, make sure not the public wi-fi do
away with connecting to a public wi-fi. Why? Because public wi-fi
are not encrypted, so anyone can just connect to the network and
maybe it can use by the cyber criminals to make access to your
personal information, and it easy to say that public wi-fi are

not safe to use.
Next is always update your mobile phone, we need to update

immediately because updates are necessary for security purposes,
that’s why security needs to be updated because they are saying
it needs to be updated somethings were not made to last forever
and software’s in operating systems are not one of them.
Delete apps, deleting applications in mobile devices that

are not useful is good, because the more applications that you
have in your mobile devices the riskier its gets and it is
advisable to delete unusable apps.
Next is check app permission, App permissions are required

for every app that finds its way to the Google Play Store or
Apple App Store. They explain what parts of your phone the app
requests access to, even blocking you from using the app in some
cases if you deny approval. Check each app's permissions and then
change them if necessary.
Lastly after ma’am Myka Paumba discussed all her topics she
allowed all the participants/students to proceed to the question
answer portion in this webinar. Many students from different
schools were able to asked our speaker different questions about
her topics and all their questions have curiosity and they want
to be enlightened and have a knowledge about it. In the end our
speaker answered all their questions.
Learnings from the webinar:
Mobile security nowadays is very important and to be honest I

don’t know much about it. I’m so blessed that I have attended
webinar last August 28,2021 and I’ve learned a lot of things that
I was previously ignorant about it. In this webinar I learned all

the possible way to secure the safety of all mobile users to
avoid cyber attacks that may cause damage to our lives, I’m very
thankful to be a part of this webinar and I hope that all
knowledge I’ve gain on this I can use in the future.
Webinar link:

Topic: Cyber Security: Dangers of Social Engineering
Date: September 4,2021
Duration: 2 hours
Social engineering is as old as people because this is something

that is human nature or something that operates under the human
nature. Social engineering is the art of manipulating people so
they give up confidential information. Criminals use social
engineering tactics because it is easier to exploit your natural
inclination to trust than discover ways to hack your software.
Webinar Narrative:
Last September 4 at 2 o’clock in the afternoon, The Dangers of

Social Engineering webinar was conducted via fb live and I was
able to joined. Our resource speaker Ms. Mary Myka Paumba
discussed all her topic below.
Social engineering tactics, a lot of things like baiting, spear

fishing, fishing, texting quid, pro dumpster, diving and diving
ways these are the different tactics and techniques of social
engineers on how they can trick people to giving money or giving
confidential information, those are just the ways on how they can
trick people.
Study says that 98 percent of cyberattacks rely on social

engineering. It is a kind of attack and a crime that is growing
dynamic and as technology more sophisticated.
How social engineering works, this is not a typical kind of a

scam. Social engineering works best because first and foremost it
has or follows a certain process, almost all of the types of
social engineering attacks have this system or how it works.
First thing that makes social engineering effective or works is

it has a lot of preparation, So the social engineers gathered
information about their victims including where they can access
them like in email, text messages, or internet. So social
engineers really do research to the person to the person or to
the company that they will hack and preparation is mainly
collecting information.
This tell us that we really need to limit the information that we

give out in social media, so we should be weary, be mindful of
what we post in our social media linked in Facebook and in
Instagram. We should really filter to not give or divulge
confidential or personal information because that’s how social
engineering works.
Next is, what makes social engineering effective and dangerous?

Majority of us have experienced scamming and majority of the
population as well is aware of what a scam is. However, why is it
tha there’s a lot of people who still falls or makes social
engineering effective and dangerous, the answer is much simpler
than you think because social engineering operates under human
nature. It thrives on vulnerabilities these are what we call as

our feeling.
Our behavior, our instinct was comprising a person to be a social

engineer. So, they appeal to our emotions that’s why it is so
effective because there’s like a psychological process that
social engineers do. They know how they study, how people behave.
They study how we react in order for them to commit their crime
and sometimes people fall under trap because of human nature and
right.
Majority of the human vulnerabilities that social engineers’

attacks are our feeling of fear, greed, desire, and helpfulness.
Social engineers make you feel anxiety in order for them to do
their crime.
Lastly after our speaker discussed all her topics, just like
our past webinar we proceed to questions and answer portion,
and a lot of questions from the many students were thrown to
our speaker and he was able to answered all of them, after
that the certificate of appreciation is provide to our guest
speaker.
I’ve learned from this webinar are the different types of how
social engineers work to do their crimes, it’s been a blessing
for me to have knowledge about it because nowadays social
engineers are changing the face of technology through their crime
works. As the speaker in the webinar said that it is important
for us to have basic knowledge and understanding about social
engineering in order for us to avoid to be a victim.
Webinar link:

FINALS COVERAGE
Topic: Data Privacy Protection
Organized by: DICT Visayas Cluster
Speaker: Sammy V. Militante
Date: October 11-15, 2021
Duration: 15 hours
In general, data privacy refers to a person's ability to choose

when, how, and to what extent personal data about them is shared
with or conveyed to others. This personal information can include
a person's name, address, phone number, and online or offline
conduct. Many online users desire to regulate or avoid some sorts
of personal data collecting, much as they might want to exclude
persons from a private conversation.
As the number of people using the Internet has grown, so has the
necessity of data privacy. In order to deliver services,
websites, software, and social media platforms frequently need to
collect and store personal data about users. Some programs and
platforms, on the other hand, may go beyond users' expectations
in terms of data gathering and utilization, leaving them with
less privacy than they anticipated. Other apps and platforms may
not have proper security measures in place to protect the data
they gather, which could lead to a data breach.
Webinar Narrative:
As the number of cybercriminals are increasing nowadays in our

technological era of this world, the DICT Visayas Cluster
conducted a 15 hours webinar entitled Data Privacy Protection for
us to have knowledge on how we protect our privacy in this modern
world.
2.1 Goals of Data Privacy Act of 2012
1. Protect the fundamental human right of privacy, of

communication while ensuring free flow of information to promote
innovation and growth.
2. Ensure that personal information in information and

communications systems in the government and in the private
sector are secured and protected.
2.2 What to prevent and eliminate?
1. Penalized violation against data privacy of a data subject
2. Non conformity of the filing system, automation program and

technology services to the data privacy rights, data privacy
principles, lawful processing criteria, condition to process
sensitive information, and security measures in the personal data
collection, processing, retention, sharing, and disposal.
3. Insecure technology infrastructure and negative user behavior

of unlawful access, control, processing, transmission, storage,
sharing, and deletion of personal data.
2.3 The legal liability of data privacy compliance belongs to:
Personal Information Controller (Business Owner)
1. A natural or juridical person, or any other body who controls

the processing of personal data, or instructs another to process
personal data on its behalf. There is control if the natural or
juridical person or any other body decides on what information is
collected, or the purpose or extent of its processing.
2. Implements reasonable and appropriate organizational,

physical, and technical security measures for the protection of
personal data. The personal information controller takes steps to
ensure that any natural person acting under their authority and
who has access to personal data, does not process them except
upon their instructions, or as required by law
3. Responsible for any personal data under its control or

custody, including information that have been outsourced or
transferred to a personal information processor or a third party
for processing, whether domestically or internationally, subject
to cross-border arrangement and cooperation.
4. Accountable for complying with the requirements of the Data

Privacy Act of 2012, it’s implementing rules and regulation, and
other issuances of the National Privacy Commission. It shall use
contractual or other reasonable means to provide a comparable
level of protection to the personal data while it is being
processed by a personal information processor or third party.
5. Required to designate an individual or individuals who are

accountable for its compliance with the R.A. 10173. The identity
of the individual or individuals so designated shall be made
known to a data subject upon request.
Personal Information Controller (Head of Agency)
1. To designate a Data Protection Officer
2. To conduct a Privacy Impact Assessment for each program,

process or measure within the agency that involves personal data,
Provided, that such assessment shall be updated as necessary
3. To create privacy and data protection policies, taking into

account the privacy impact assessments, as well as Sections 25 to
29 of the IRR
4. To conduct a mandatory, agency-wide training on privacy and

data protection policies once a year: Provided, that a similar
training shall be provided during all agency personnel
orientations
5. To register its data processing systems with the Commission in

cases where processing involves personal data of at least one
thousand 6. To cooperate with National Privacy Commission in the
review of data privacy and security policy.
2.4 Data Protection Officer
The Data Protection Officer is designated by a Personal

Information Controller or Personal Information Processor to be
accountable for the organization’s compliance with applicable
laws and regulations for the protection of data privacy and
security.
The key result areas of an independent Data Protection Officer

are the following:
1. Monitor the compliance of the Personal Information Controller

and Processor with the R.A 10173 implementing rules and
regulation, and with the circulars, advisories and case

resolution issued by the National Privacy Commission.
2. Advice the Personal Information Controller or Processor

regarding complaints and/or the exercise by data subjects of
their rights.
3. Respond to the concern and complain of a Data Subject on the

violation of data privacy in accordance with NPC rules of
procedure.
4. Ensure the conduct of Privacy Impact Assessment on the

process, system and technology of personal data processing of the
Personal Information Controller or Processor.
5. Ensure proper data breach and security incident management of

the Personal Information Processor and Controller. Make sure that
the communication and documentation requirements of the National
Privacy Commission are responded by the Personal Information
Controller or Processor.
6. Inform and cultivate awareness on privacy and data protection

within the organization. Ensure the conduct of enterprise or
agency wide capacity building or training program, and regular
personnel training on data privacy and security management.
7. Advocate the development, review and/or revision of policies,

guidelines, projects and/or programs of the Personal Information
Controller or Processor related to privacy and data protection,
by adopting a privacy by design approach
8. Serve as the contact person of the Personal Information

Controller or Processor to relate with a data subjects, interest
group, National Privacy Commission, and other authorities in all
matters concerning data privacy or security issues or concern
9. Cooperate, coordinate and seek advice of the National Privacy

Commission regarding matters concerning data privacy and security
2.5 Data Privacy Rights Violation
1. Unauthorized processing 3-6 years imprisonment 500K-4M penalty

- It is when personal information is processed without the
consent of the data subject, or without being authorized using
lawful criteria
2. Negligence in access 1-6 years imprisonment 500K-4M penalty
- It is when personal information is made accessible due to

negligence and without being authorized by any existing law.
3. Improper disposal 6 mos-3 years imprisonment 100K-1M penalty
- It is when personal information is knowingly or negligently

disposed, discard, or abandon in an area accessible to the public
or has otherwise placed the personal information of an individual
in any container for trash collection
4. Unauthorized purpose 1-7 years imprisonment 500K-2M penalty
-It is when personal information is processed for purposes not

authorized by the data subject, or otherwise authorized by any
existing laws.
5. Unauthorized access or intentional breach 1-3 years

imprisonment 500K-2M penalty
- It is when an individual handling personal information

knowingly and unlawfully, or violating data confidentiality and
security data systems, breaks in any way into any system where
personal and sensitive personal information are stored
6. Concealed breach 1-5 years imprisonment 500K-1M penalty
- It is when an individual or entity who has knowledge of a security

breach and of the obligation to notify the Commission pursuant to
Section 20(f) of the Act, intentionally or by omission conceals the
fact of such security breach.
2.6 RIGHTS OF THE DATA SUBJECT RESPECTED
1. The right to be informed - Data subject is INFORMED before the

collection, retention, processing, disclosure, and disposal of
personal data, and in the event there is breach of data privacy.
2. The right to give consent - Data subject gives direct CONSENT

before collection, retention, processing, disclosure, and
disposal of personal data. Unless, there is legal basis for
exception.
3. The right to access - Data subject is provided ACCESS to the

data processing activities, as determined by existing laws and
agreement.
4. The right to object - Data subject is allowed to OBJECT the

processing of personal data, most especially when there is
concern on data privacy violation, or related to direct
marketing, automated processing or profiling. A procedure to
withdraw consent is made available.
5. The right to erasure or blocking - Data subjected is allowed

to BLOCK or ERASE personal data processing and personal
information in the personal information controller’s filing
system, or automated program
6. The right to rectify - Data subject is allowed to RECTIFY or

CORRECT the inaccuracy or error in the personal data, and have
the personal information controller to make correction.
7. The right to data portability - Data subject is provided with

ability to obtain from the personal information controller a
digital copy of personal data which is called right to DATA
PORTABILITY.
8. The right to complain - Data subject is informed and provided

with procedure to COMPLAIN direct experience or concern about
data privacy violation.
9. The right to claim damages - Data subject is provided with

procedure to CLAIM DAMAGES, which is to be indemnified for
damages sustained due to inaccurate, incomplete, outdated, false,
unlawfully obtained, or unauthorized use of personal data.
2.7 Data Privacy Stakeholders
1. Data Subject - Represents the exercise of data privacy rights

and main party to associate personal data to be protected with
privacy and security
2. National Privacy Commission - Creates regulation; monitor

compliance; educate the public; enforces rules; and resolve cases
on data privacy
3. Personal Information Controller Directs and rules the
processing of personal information with set limitations on data
privacy
4. Personal Information Processor - Performs the instruction to
process personal information based on privacy processing
agreement with a Personal Information Controller
5. Data Protection Officer - Perform the oversight function for

the Personal Information Controller to achieve the mandated
accountability and responsibility on data privacy
6. Compliance Officer for Privacy - Assist in the oversight
function to direct, compliance, to monitor breach events, to
resolve and report privacy security incidents
7. IT and Infrastructure Service Providers - Provision of the
technical measures to secure personal information protection in
the location, hardware, software, and services of personal data
processing
8. 3rd Party of Data Sharing - Responsible for the transferred or
shared data to be used in compliance with data privacy regulation

Privacy is one of the important things in any aspect of our life
Nowadays, cybercrime is one of the most well-known crimes I've
heard about, and to be honest, I don't know much about it. I'm
really fortunate that I was able to attend a webinar on October
11-15, 2021, and I learnt a lot of stuff that I was previously
unaware of. In this webinar, I learnt about computer-related
crimes, legal measures in the Philippines, and how to avoid,
prevent, and prosecute cybercrime, as well as the many categories
of cybercrime, procedural rules connected to cybercrime, and the
possible punishments for those who break cybercrime laws.
I'm grateful to have been a part of this webinar, and I want to
put what I've learned here to good use in the future.
Webinar link:
http://zoom.us/j/94955674651

Prepared by:
VINCE B. UGALDE
BSIT-4A

Itts Final Requirement Vince Ugalde

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Itts Final Requirement Vince Ugalde

Uploaded by

Copyright:

Available Formats

UNIVERSITY OF CAGAYAN VALLEY

Tuguegarao City, Cagayan, Philippines

NARRATIVE REPORTS IN THE SUBJECT

Topic: Cybercrime Prevention and Law in the Philippines

Organized by: DICT Luzon cluster 3 - Camarines Norte

Speaker: Imee M. Abardo

Date: August 26,2021

Background of the topic:

The lecture focuses on the overview, history, and updates in

Last August 26, Cybercrime Prevention and Law in the Philippines

2.1 The first topic is all about Cybercrime offenses and

 under section 4 R.A 10175, offenses in this act are

A. Cybercrime is the misuse of computers and other electronic

1. Imprisonment of prision mayor or a fine of at least two

B. Computer-related offenses, Computer-related forgery,

1. Imprisonment of prision mayor or a fine of at least two

C. Content-related offenses – cybersex, child pornography,

1. Cybersex – Imprisonment of prision mayor or a fine of at

2.2 The second topic is all about the Enforcement and

Laws which Co-exist with other cybercrime offenses about their

 The National Bureau of Investigation and the Philippine

 Duties of Law Enforcement Authorities

4. Warrant to examine computer data

 The Regional Trial Court shall have jurisdiction over any

 All relevant international instrument on international

Crimes and Laws which Co-exist with other cybercrime offenses

2. Philippine Copyright Law

3. Photo & Video Voyeurism

Learnings from the webinar

 Cybercrime nowadays is one of the famous crimes that I’ve

Screenshots of the webinar:

Topic: Cloud Security best Practices with Microsoft azure

Organized by: DICT Luzon cluster 3 - Camarines Norte

Speaker: Hermes Miraflor

Date: August 31,2021

Background of the topic:

The topic discussed when using a cloud computing service provided

Last August 29 at 9am-12noon, Cloud Security best Practices

1. Public Cloud – Owned by cloud services or hosting provider

 Combines Public and Private clouds to allow applications

1.Infrastructure as A Service (IAAS)

 Build pay-as-out-go IT infrastructure by renting servers,

3. Software as a Service (SaaS)

 Azure is the only consistent hybrid cloud, productive for

2.4 Cloud Security

 Security is on cloud because, organizations are losing

 Cloud security is a partnership- The security of cloud

Learning from the webinar:

Screenshots of the webinar

Topic: Password recovery using hashcat in kali linux

Organized by: DICT Luzon cluster 3 - Camarines Norte

Speaker: Dr. Michael Angelo D. Brogada

Date: September 1, 2021

Background of the topic:

In this webinar they discussed an demonstrates the use of hashcat

Last September 1, the third day of Cybersecurity Caravan our

2.1 Password-based Authentication

 Authentication is the process of verifying positively a

system. The password authentication becomes a standard and

2.2 Password hashing

 Passwords undergo a hashing process and are saved in a

2.3 Authenticating Hashed Passwords

 The authentication process then compares the stored hash