Names: Olyv E. Dedal and Geneviv C.

Tanduyan Section/Grade: BSIS3 Date: 1/14/24

1. What are the advantages and disadvantages of being an information technology. Based on your
experience.

- The advantage of being one of professionals that is aligned with information technology is that
first (1) is you can do things easily because some of the tasks, you can make it automated like you can be
able to use different applications that could be able to address the task. I can do thing easier when it
comes to using computers because in my experience especially with teachers, because it would take
them time to understand the applications and then here it comes that I am techy, and that it is my
profession, it would be easy for me and that I can do things easier when it comes to using computers.
Second (2) is that you can be able to repair your own computers by yourself without asking for help
from anyone especially when sometimes that you can repair your own laptop by using google. Third (3)
is being versatile towards career opportunities. For me, it is an advantage of being techy because there
is computer which is true, and I can depend on YouTube University and google. When I compare myself
to my friends, based on our different professions, for them, all the things I do are difficult for them but
for me it is very easy because I always practice them. The disadvantage is first (1), you always use the
computer where it can damage your sight and it will deteriorate whether you like it or not. That what
my optometrist said that I got no choice, and my eyes can be easily damaged. Second (2) is some
professionals love games but mostly, not so sure about some girls but I am very drawn to playing games
like computer and mobile games. Third (3) is, there is a part where I am becoming an introvert lately
because I can feel comfort with them. It is very hard to be separated from my phone and laptop because
it is a part of my life, and I can’t live without technology because I am really into technology.

2. How do you stay current with the latest security technologies and industry practices?

- The advantage of it for me is I’m a government employee where I can always go into seminars
like how to protect your network, especially that my position in an Information Technology then I will
always have updates from friends. If you’re an IT, then you must also be friends with those who are the
same as me, which are the ITs so I can already get some information from them. Watching news can also
help and school can also help me especially because of my master’s degree where they always introduce
the new technology, updates, and new attack prevention. It is a huge help when you’re in the same
career, environment, and friends because I can always get updated from them.

3. Can you discuss your experience with incident response and disaster planning?

- What happened was someone mistakenly uploaded our server and the disadvantage of having
that server is that it cannot accommodate a lot of data. Here it comes where two transactions that shall
not be met got connected. I’m the only one at that time that is present in our division, then our billing
lagged, and the people’s payment are ongoing, and it is very important that our billing will always be
available. How can the concessionaire pay if our system is lagging, and they are already complaining.
Here it comes that I found out that someone uploaded the system accidentally in a wrong schedule and
it is a difficult application because it is SQL because you can either lose your data because you didn’t
know its info then its currently lagging, or you can lose the money. Imagine that the data is currently
flowing on live. My senior remoted the billing by shutting down the server properly for a while and
informed the other division to stop because you can’t upload the server while the billing is ongoing so it
must be stopped. One of the reasons why it happened is that our technology cannot accommodate it
and our system has limitation and the limitation is to only upload it during night. It was a very critical
situation where I got very nervous because it is my first time encountering that kind of
situation/problem because it happened while the transactions are ongoing, and the Information
technology will always be the one to blame for it. That time, what we did is we made an incident report
by explaining it on a letter. It is a proper documentation by explaining that the risk it was not from us
and our fault because it was an accident. It was very terrifying and whether I like it or not, I am just
working for my career and I am the one to blame. The situation really requires presence of mind by
thinking before you act and making yourself calm while doing the process where: I called my senior first,
get the attention of our programmer, and then I created the incident report so that it can be
documented.

4. How do you ensure compliance with relevant security assessments and penetration testing?

- We ensure by paying always because if you would not be able to pay the specific
firewall/antivirus, automatically, you cannot be able to update any updates on the software and that is
one of how we can be able to ensure that no attacks can penetrate from the networks. Separating our
system from internet and our billing, we all know that internet can attack anytime so we separated our
system that has no internet. The advantage of it is that even if it has no internet, you can be able to
access the system and it is not prone to attacks. Aside from updating our used software or firewall is that
we always see its reports so after updating the software and it will automatically read the readabilities
from it. You must make actions when an attack is notified or anticipated by your computer.

5. What are the common types of cyber threats that you have encountered in your career and how do
you protect against them?

- Mostly are malware attacks and you can get them from the internet and websites. We usually
make limitations with our usage by blocking anything that we can and those infected flash drives that
contain malwares. We still haven’t experienced penetration since our internet is separated but we still
won’t let our guard down because it is not safe even our co-workers can penetrate our system or
computer anytime if they wanted to do malicious acts.

6. How do you manage access controls and user permissions to prevent unauthorized access to
sensitive data?

- We manage the user by letting the roles access those sensitive data such as: if you’re an admin,
you must access admin only and vice versa for other users. Don’t let the user become the admin, even
the IT user is got limits from the admin’s access to sensitive data.

7. What is the importance of encryption in computer security?

- For me, encryption is very important because the good thing is that your network and data can
not be penetrated that easily. Aside from encrypting the token it is more assured that encryption and
encrypted is very safe. There are lots of technologies that can safeguard your network and data and you
must also have IT policies because the hacker is also withing the are of responsibility.
 We interviewed an IT graduate and a professional IT, and she is currently our adviser for SAD 2.
She requested not to show her face for privacy reasons, and we respect that. So, this is the only proof
that we interviewed her.