SLG 3.1 - Social and Ethical Issues in Computing (ICT) - Cybersecurity.pdf

Full Transcript

COMPUTER SCIENCE I ONLINE LEARNING MODULE

Subject Code CS 1 Computer Science 1
Module Code 3.0 Social and Ethical Issues in Computing (ICT)
Lesson Code 3.1 Cybersecurity
Time Frame 60 minutes

Components Tasks TA ATA
(min) (min)b
a

Target By the end of this learning guide module, the students should be able to: 1
1. understand cybersecurity and identify cybersecurity threats,
2. determine how to manage cybersecurity risks,
3. know the Philippine Laws that cover cybersecurity

Hook 9
In the previous lessons, we discussed the impact of Information and
Communication Technology (ICT) at home, school and work.

ICT plays a huge role in modern society. However, ICT is vulnerable to
different kinds of threats. Due to these threats, it is important to follow
effective cybersecurity measures.

Watch the video on Cybersecurity to learn about them. Click on the given
link.

Cybersecurity 101 - https://www.youtube.com/watch?v=sdpxddDzXfE

Answer the following questions for discussion:
1. Why is the internet developed?
2. What are possible threats when using the Internet?
3. How can these threats be eliminated?

Ignite 30
Cybersecurity consists of technologies, processes, and practices that are
created to protect networks, devices, programs, and data from attack,
damage, or unauthorized access. Cybersecurity may also be referred to
as information technology security.

There are ten common types of cyber threats:

1. Malware. These are software that execute malicious tasks on a device
or network. Examples of these malicious tasks include corrupting
data or taking over a system.

CS 1 | Page 1 of 8
2. Phishing. Phishing is one of the most popular techniques used for
stealing passwords and sensitive information like credit cards,
banking username & passwords etc. This type of online fraud often
uses email that appears to be from a legitimate company asking you
to provide sensitive information.

3. Spear Phishing. A more sophisticated form of phishing where the
attacker learns about the victim and impersonates someone he or she
knows and trusts.

4. “Man in the Middle” (MitM) attack. It is a general term for when an
attacker positions himself in a conversation between a user and an
application—either to eavesdrop or to impersonate one of the parties,
making it appear as if a normal exchange of information is underway.

Dobran

5. Trojans. Is a type of malware that conceals its true content to fool a
user into thinking it's a harmless file but then lets out the malicious
program once inside the host system.

6. Ransomware. It is a type of malicious software designed to block
access to a computer system until a sum of money is paid.

7. Denial of Service attack or Distributed Denial of Service Attack
(DDoS). Where an attacker takes over many devices and uses them
to invoke the functions of a target system, e.g. a website, causing it
to crash from an overload of demand.

CS 1 | Page 2 of 8
 Thompson

8. Attacks on IoT Devices. IoT devices like industrial sensors are
vulnerable to multiple types of cyber threats. These include hackers
taking over the device to make it part of a DDoS attack and
unauthorized access to data being collected by the device. Given
their numbers, geographic distribution and frequently out-of-date
operating systems, IoT devices are a prime target for malicious
actors.

9. Data Breaches. A data breach is a theft of data by a malicious actor.
Motives for data breaches include crime (i.e. identity theft), a desire
to embarrass an institution (e.g. Edward Snowden or the DNC hack)
and espionage.

10. Malware on Mobile Apps. Mobile devices are vulnerable to
malware attacks just like other computing hardware. Attackers may
embed malware in app downloads, mobile websites or phishing
emails and text messages. Once compromised, a mobile device can
give the malicious actor access to personal information, location
data, financial accounts and more.

Cyber threats are hard to eliminate. They often evolve and there are
millions being created every year. They are also becoming more and
more powerful. There is a new generation of “zero-day” threats that are
able to surprise defenses because they carry no detectable digital
signatures. Another emerging menace is called “Advanced Persistent
Threats” (APTs). APTs are hackers who burrow into networks and
maintain a connection that can’t be stopped simply by software updates
or rebooting a computer.

Cyber threats come from a variety of places, people and contexts. The

CS 1 | Page 3 of 8
following are some reasons why cyber threats exist:
1. Individuals that create attack vectors using their own software
tools
2. Criminal organizations that are run like corporations, with large
numbers of employees developing attack vectors and executing
attacks
3. Nation states
4. Terrorists
5. Industrial spies
6. Organized crime groups
7. Unhappy insiders
8. Hackers
9. Business competitors

Best Practices for Cybersecurity

1. Enable best firewall protection. A firewall is a network security
device that monitors incoming and outgoing network traffic and
permits or blocks data packets based on a set of security rules.

2. Update your security software.

Security software is any type of software that secures and protects
a computer, network or any computing-enabled device.

Examples of security software include the following:
a. Computer Antivirus
b. Anti-Spyware Software
c. Network Security
d. Firewalls
e. Password Managers
f. Encryption Software
g. Log Management Software
h. Bot Mitigation
i. Monitoring Tool
j. Intrusion Prevention Software

3. Enforce strong and safe password.

A strong password is at least 8 characters. It includes Numbers,
Symbols, Capital Letters, and Lower-Case Letters. Use a mix of
different types of characters to make the password harder to crack.
Stay away from obvious dictionary words and combinations of
dictionary words.

4. Use multi-factor authentication.

CS 1 | Page 4 of 8
 Multi-factor authentication (MFA) is defined as a security
mechanism that requires an individual to provide two or more
credentials in order to authenticate their identity. In IT, these
credentials take the form of passwords, hardware tokens,
numerical codes, biometrics, time, and location.

5. Regular Data Backup.
6. Raise awareness.
7. Monitor Third-party controls.
8. Ignore pop-ups, links and unnecessary messages.
9. Monitor the privileged users
10. Prepare the cybersecurity policies

Philippine Cybersecurity Law and Policies

The Philippines has set laws and policies to ensure cyber security.

1. Republic Act 7925 (Public Telecommunications Policy Act
of the Philippines)

This is an act to promote and govern the development of
Philippine Telecommunications and the delivery of public
telecommunications services

2. Republic Act 8792 (E-Commerce Act)

An Act Providing For The Recognition And Use of Electronic
Commercial And Non-Commercial Transactions, Penalties
For Unlawful Use Thereof, And Other Purposes, also known
as the "Electronic Commerce Act.

3. Republic Act 9775 (Anti-Child Pornography Act of 2009)

An act defining the crime of child pornography, prescribing
penalties therefor, and for other purposes

4. Republic Act 9995 (Anti-Photo and Video Voyeurism Act of
2009)

An act defining and penalizing the crime of photo and video
voyeurism, prescribing penalties therefore, and for other
purposes.

5. Republic Act 10173 (Data Privacy Act of 2012)

CS 1 | Page 5 of 8
 An act protecting individual personal information in
information and communications systems in the government
and the private sector, creating for this purpose a national
privacy commission, and for other purposes

6. Republic Act 10175 (Cybercrime Prevention Act of 2012)

It is an act defining cybercrime, providing for the prevention,
investigation, suppression and the imposition of penalties
therefor and for other purposes

Navigate 10
Answer the following questions:
1. What is cybersecurity?
2. Why is it important to understand cybersecurity?
3. Enumerate and describe five (5) cybersecurity threats
4. What practices can you apply when using the Internet as a
student? Give five (5) and state why you think they are good
practices.
5. What does the following Philippine Cybersecurity law cover?
a) Republic Act 7925 (Public Telecommunications Policy Act of
the Philippines)
b) Republic Act 8792 (E-Commerce Act)
c) Republic Act 9775 (Anti-Child Pornography Act of 2009)
d) Republic Act 9995 (Anti-Photo and Video Voyeurism Act of
2009)
e) Republic Act 10173 (Data Privacy Act of 2012)
f) Republic Act 10175 (Cybercrime Prevention Act of 2012)

Knot In summary, 10

✔ Cybersecurity is the protection of internet-connected systems
such as hardware, software and data from cyber-threats. The
practice is used by individuals and enterprises to protect against
unauthorized access to data centers and other computerized
systems
✔ Examples of cybersecurity threats are: Malware, Phishing,
Spear Phishing, “Man in the Middle” (MitM) attack, Trojans,
Ransomware, Denial of Service attack or Distributed Denial of
Service Attack (DDoS), Attacks on IoT Devices, Data
Breaches, and Malware on Mobile Apps

✔ There are many reasons behind cybersecurity threats. These
include: Individuals that create attack vectors using their own
software tools, criminal organizations that are run like
corporations, with large numbers of employees developing

CS 1 | Page 6 of 8
 attack vectors and executing attacks, Nation states, Terrorists,
Industrial spies, Organized crime groups, Unhappy insiders
1. Hackers
2. Business competitors

✔ In order to reduce threats in cybersecurity, the following must
be practiced: Enable best firewall protection, update your
security software, enforce strong and safe password, use multi-
factor authentication, regular data backup, raise awareness,
monitor Third-party controls, ignore pop-ups, links and
unnecessary messages, monitor the privileged users, and
prepare the cybersecurity policies

✔ The Philippines has the following cybersecurity laws. They are:
Republic Act 7925 (Public Telecommunications Policy Act of
the Philippines), Republic Act 8792 (E-Commerce Act),
Republic Act 9775 (Anti-Child Pornography Act of 2009),
Republic Act 9995 (Anti-Photo and Video Voyeurism Act of
2009), Republic Act 10173 (Data Privacy Act of 2012), and
Republic Act 10175 (Cybercrime Prevention Act of 2012)

Short Answer:
Cite one (1) actual Cybersecurity breach which happened in the
Philippines and discuss whether you agree or disagree on how it was
resolved.

✔ Discuss in a maximum of 500 words.
✔ Make sure to mention the date when the breach happened and
the organization involved

a
TA – time allocation suggested by the teacher
b
ATA- actual time allocation spent by the student (for information purposes only)

References: using APA format (7th edition)
1. NOVA. (2020, May 29). Cybersecurity 101. PBS LearningMedia.
https://www.pbslearningmedia.org/resource/nvcy-sci-cyber101/cybersecurity-101/.
2. What is Cyber Security? Definition, Best Practices & More. Digital Guardian. (2020, June 10).
https://digitalguardian.com/blog/what-cyber-security.
3. Thompson, A. (2019, October 14). What Is a DDoS Attack? (Hint: It Involves Zombies & Traffic
Jams). Hashed Out by The SSL Store™. https://www.thesslstore.com/blog/what-is-a-ddos-
attack/.

4. Dobran, B. (2020, July 24). The Ultimate Guide to Man in the Middle Attacks: Prevention is Key.
PhoenixNAP Global IT Services. https://phoenixnap.com/blog/man-in-the-middle-attacks-
prevention.

5. What Are Cyber Threats and What to Do About Them. The Missing Report. (2020, April 24).
https://preyproject.com/blog/en/what-are-cyber-threats-how-they-affect-you-what-to-do-about-
them/.

CS 1 | Page 7 of 8
 6. Technologies, M. (2017, November 26). Top 10 Cyber Security Best Practices 2020. Mindmajix.
https://mindmajix.com/top-10-cybersecurity-best-practices.
7. Toral, J., Author Janette Toral Janette Toral is an E-Commerce Advocate. Digital Influencer., &
*, N. (2013, March 25). Salient features of Data Privacy Act of 2012 - Republic Act 10173 -
DigitalFilipino: E-Commerce in the Philippines. DigitalFilipino.
https://digitalfilipino.com/salient-features-of-data-privacy-act-of-2012-republic-act-10173/.
8. Albarico, J.M. (2013). THINK Framework. Based on Ramos, E.G. and N. Apolinario. (n.d.)
Science LINKS. Quezon City: Rex Bookstore Inc
9. THINK icons and blue car images by Clker-Free-Vector-Images from Pixabay

Prepared by: Reviewed by:

Michelle C. Cuestas Graceson Cuyasen
SST III SST III
PSHS-SMC PSHS- CARC

CS 1 | Page 8 of 8