
Unit 6-10


Unit 06: Information Systems

Going over the technologies of the past and how they have evolved into the
technologies we have in the present gives us an idea of what is possible in the future.
It is with the creativity and ingenuity of us, human beings, that we are able to make
sense of technological developments and turn them into productivity-boosting tools.

But technologies are not developed to match exactly what every person needs.
After all, each person has something different to do and to work on. It is thus important
for these technologies to be transformed into something that is geared towards making
every person productive despite the difference in their needs. Technologies are being
specialized. So how exactly do these technologies work?

Companies use information as a weapon in the battle to increase productivity,
deliver quality products and services, maintain customer loyalty, and make sound
decisions. Information technology can mean the difference between success and
failure. Information technology (IT) is the application of a combination of hardware and
software used to retrieve, store, transmit and manipulate data, often in the context of
a business or other enterprise.

Data are facts that are recorded and stored. Information is processed data used
in decision making. The value of information is the benefit produced by the information
minus the cost of producing it.

A System is a set of two or more interrelated components interacting to achieve
a goal.

Information Systems
● Set of interrelated components
● Collect, process, store, and distribute information
● Support decision making, coordination, and control
● May also help analyze problems, visualize complex subjects and create new
products

Information System Components

● Hardware – tangible aspect of a computer system
● Software – programs and other operating information used by a computer
(systems, application, enterprise, horizontal system, vertical systems, legacy
systems)
● Data - is the raw material that an information system transforms into useful
information
● Processes - describe the tasks and business functions that users, managers,
and IT staff members perform to achieve specific results. Processes are the
building blocks of an information system because they represent actual
day-to-day business operations.
● People - those who have an interest in an information system are called
stakeholders. Stakeholders include the management group responsible for the
system, the users (sometimes called end users) inside and outside the company
who will interact with the system, and IT staff members, such as systems
analysts, programmers, and network administrators who develop and support
the system.

Who develops Information Systems?


● Traditionally, a company either developed its own information systems, called
in-house applications, or purchased systems called software packages from
outside vendors.
● Today, the choice is much more complex. Options include Internet-based
application services, outsourcing, custom solutions from IT consultants, and
enterprise-wide software strategies.

Systems Analysis and Design


Systems Analysis and Design is a step-by-step process for developing high-
quality information systems.

Systems Analyst plans, develops, and maintains information systems.

Business and Information Systems

With the different technological advancements, businesses have adopted newer
processes and have upgraded their business models:
● Brick-and-mortar - refers to a traditional street-side business that offers
products and services to its customers face-to-face in an office or store that the
business owns or rents.
● Click-and-mortar - Click and mortar is a type of business model that has both
online and offline operations, which typically include a website and a physical
store.

● Click - Click-only companies are those companies who have a website/online
presence without a physical store. They sell their products through their
website only.

The Internet has drastically reduced the intermediaries within a transaction. Internet-
based commerce is called e-commerce (electronic commerce) or I-commerce (Internet
commerce). E-commerce includes two main sectors: B2C (business-to-consumer)
and B2B (business-to-business).

B2C (Business-to-Consumer)
● Using the Internet, consumers can go online to purchase an enormous variety
of products and services. This new shopping environment allows customers to
do research, compare prices and features, check availability, arrange delivery,
and choose payment methods in a single convenient session.

B2B (Business-to-Business)
● Business-to-business (B2B), also called B-to-B, is a form of transaction between
businesses, such as one involving a manufacturer and wholesaler, or a
wholesaler and a retailer.

Business and Information Systems

In the past, IT managers divided systems into categories based on the user
group the system served. Categories and users included office systems (administrative
staff), operational systems (operational personnel), decision support systems (middle
managers and knowledge workers), and executive information systems (top managers).
Today, traditional labels no longer apply. For example, all employees, including top
managers, use office productivity systems. Similarly, operational users often require
decision support systems. As business changes, information use also changes in most
companies. Today, it makes more sense to identify a system by its functions and
features, rather than by its users.

Examples of Information Systems according to support provided


● Inventory Control (TPS)
● Reservations (TPS, MIS)
● Customer Order Processing / Point-of-Sale (TPS)
● Warranty Claim Processing (TPS)
● Records Management (MIS)
● Enrollment System (TPS)
● Attendance Monitoring (MIS)
● Payroll (TPS)
● Queuing (TPS)

WHAT INFORMATION DO USERS NEED?


Corporate organizational structure has changed considerably in recent years. As
part of downsizing and business process reengineering, many companies reduced the
number of management levels and delegated responsibility to operational personnel.
Although modern organization charts tend to be flatter, an organizational hierarchy still
exists in most companies. A typical organizational model identifies business functions
and organizational levels, as shown in the figure below. Within the functional areas,
operational personnel report to supervisors and team leaders. The next level includes
middle managers and knowledge workers, who, in turn, report to top managers. In a
corporate structure, the top managers report to a board of directors elected by the
company’s shareholders.

Top managers
● Strategic plans

Middle Managers and Knowledge Workers


● Middle managers provide direction, necessary resources, and performance
feedback to supervisors and team leaders
● Knowledge workers include professional staff members such as systems
analysts, programmers, accountants, researchers, etc.

Supervisors and Team Leaders


● Oversee operational employees and carry out day-to-day functions

Operational Employees
● Operational employees include users who rely on TP systems to enter and
receive data they need to perform their jobs.

MODULE 2

Unit 07: Systems Development Life Cycle


The aim of an SDLC methodology is to give IT Project Managers the tools they
need to assure the effective deployment of systems that meet the University's
strategic and business goals.

ROLE IN THE PROJECT PROPOSAL

System Analyst
● A systems analyst investigates, analyzes, designs, develops, installs,
evaluates, and maintains a company’s information systems.
● On large projects, the analyst works as a member of an IT department
team
● Smaller companies often use consultants to perform the work

SYSTEM DEVELOPMENT

System development is the process of defining, designing, testing and
implementing a software application. A system development project includes a
number of different phases, such as feasibility analysis, requirements analysis,
software design, software coding, testing and debugging, installation and
maintenance.

System Development Methods


Systems Development Life Cycle
● Predictive Approach
● Use of Process Models
● Process-centered technique

System Development Life Cycle (SDLC)

Systems Planning – It is the initial stage in the systems development life cycle
(SDLC). It is the fundamental process of understanding why an information
system should be built and determining how the project team will go about building
it. It describes how IT projects get started, how systems analysts evaluate
proposed projects, the feasibility of a project, and the reasoning behind the
proposed system development.

Systems Analysis – System analysts must do analysis activities when creating
a new system or improving an old system. If an information system is built
properly, it will give the expected benefits to the company. To achieve this goal,
system analysts define what the information system requires by performing the
analysis activities.

Systems Analysis Activities

The systems analysis phase consists of requirements modeling, process
modeling, object modeling, and consideration of development strategies.

Watch the Lesson 07 Requirements.mp4 video.


Requirements Modeling
● Requirements modeling involves fact-finding to describe the
current system and identification of the requirements for the
new system. These requirements are:
▪ Inputs refer to necessary data that enters the system, either
manually or in an automated manner.
▪ Processes refer to system characteristics such as speed,
volume, capacity, availability, and reliability.
▪ Outputs refer to electronic or printed information produced by
the system.
▪ Performance refers to the logical rules that are applied to
transform the data into meaningful information.
▪ Security refers to hardware, software, and procedural
controls that safeguard and protect the system and its data
from internal or external threats.

Watch the IPO video: Lesson 07 Video 02 IPO.mp4

Flowchart
● A business flowchart shows the steps that make up a business
process, along with who is responsible for each step.
● Business flowcharts are useful for analyzing current processes,
planning improvements, and crystallizing communication between
process participants.

Types of Flowchart:
● Document
• Illustrates the flow of documents and information
between areas of responsibility within an organization.
• A document flowchart is particularly useful in analyzing
the adequacy of control procedures.

● System
▪ System flowcharts depict the relationship among the input,
processing, and output of an AIS
● Program
▪ A program flowchart describes the specific logic to perform a
process shown on a systems flowchart

Check the following videos for further discussion on the Flowcharting process.
• Lesson 08 FlowCharting.mp4
• Flowchart Tutorial (with Symbols, Guide and Examples)

System Requirements
In the context of software development and system design, requirements are
statements that describe what the system should do or possess to meet the
needs of its users and stakeholders. These requirements can be broadly
categorized into two types: functional requirements and non-functional
requirements.

Examples of functional requirements for a website:


● Allow users to register and log in to their accounts.
● Provide a search functionality to find products or information.
● Enable users to add items to a shopping cart and proceed to checkout.
● Allow administrators to manage user accounts and product listings.
● Display real-time stock availability for products.

Non-functional Requirements:
Non-functional requirements, on the other hand, define the attributes and
qualities that describe how the system should perform, rather than what it should
do. These requirements focus on aspects related to system behavior,
performance, security, and user experience. Non-functional requirements
answer the question, "How well does the system perform?"

Examples of non-functional requirements for a website:


● Performance: The website should load within 3 seconds to provide a
good user experience.
● Scalability: The system should handle an increasing number of users
without significant performance degradation.
● Security: User passwords should be securely hashed and stored to
prevent unauthorized access.
● Usability: The website's interface should be intuitive and easy to navigate
for users of all experience levels.
● Reliability: The system should have at least 99.9% uptime, with minimal
downtime for maintenance.

It's important to note that both functional and non-functional requirements are
crucial for successful system development. Functional requirements define
what the system should achieve in terms of features and capabilities, while non-
functional requirements ensure the system meets the desired levels of
performance, quality, and user satisfaction. Both sets of requirements play a
key role in guiding the design, development, testing, and validation of the
system.

Systems Design – Systems Design is the third of five phases in the systems
development life cycle (SDLC). Now you are ready to begin the physical design
of the system that will meet the specifications described in the system
requirements document. Systems design tasks include output and user
interface design, data design, and system architecture.

A video by Johnny Khoury (Lesson07 video01 Design Phase in SDLC) explains
how the design phase of the SDLC works when creating a system.

System Design Guidelines:


The systems analyst must understand the logical design of the system before
beginning the physical design of any one component
● Data design
● User interface
● Architecture
● System design specification

System Design Objectives
The goal of systems design is to build a system that is effective, reliable, and
maintainable
● A system is effective if it meets all user needs and business requirements
● A system is reliable if it adequately handles errors
● A system is maintainable if it is well designed, flexible, and developed
with future modifications in mind

System Design Considerations


● User Considerations
▪ Carefully consider any point where users receive output from, or
provide input to, the system
▪ Anticipate future needs of the users, the system, and the
organization – hard-coded
▪ Provide flexibility
▪ Parameter, default

● Data Considerations
▪ Data should be entered into the system where and when it occurs
because delays cause data errors
▪ Data should be verified when it is entered, to catch errors
immediately
▪ Automated methods of data entry should be used whenever
possible
▪ Audit trail: every instance of entry and change to data should be logged
▪ Data should be entered into a system only once
▪ Data duplication should be avoided

● Design Trade-Offs
▪ Most design trade-off decisions that you will face come down to
the basic conflict of quality versus cost
▪ Avoid decisions that achieve short-term savings but might mean
higher costs later
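
The two Data Considerations above that matter most for security are verifying data when it is entered and keeping an audit trail of every entry and change. The sketch below is an added example, not part of the course material: the record fields, the `AuditedStore` class and the validation rules are hypothetical, and chaining each audit entry to the previous one by hash goes one step beyond the bullet so that an edited log entry can be detected.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor used as "prev" for the first audit entry


def validate_order(record):
    """Verify a record at the point of entry; return a list of error strings."""
    errors = []
    # Hypothetical rule: customer ids look like C followed by five digits.
    if not re.fullmatch(r"C\d{5}", str(record.get("customer_id", ""))):
        errors.append("customer_id must look like C12345")
    qty = record.get("quantity")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= 1000:
        errors.append("quantity must be an integer from 1 to 1000")
    return errors


def _digest(entry):
    """SHA-256 over every field of an audit entry except its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditedStore:
    """In-memory record store that logs every entry, change and rejection."""

    def __init__(self):
        self.records = {}
        self.audit = []

    def _log(self, user, action, key, before, after):
        entry = {
            "seq": len(self.audit),
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": action, "key": key,
            "before": before, "after": after,
            # Linking to the previous hash makes silent edits detectable.
            "prev": self.audit[-1]["hash"] if self.audit else GENESIS,
        }
        entry["hash"] = _digest(entry)
        self.audit.append(entry)

    def save(self, user, key, record):
        """Validate, store and log a record; return the validation errors."""
        errors = validate_order(record)
        if errors:
            # Rejected input is logged too, but never stored.
            self._log(user, "rejected", key, None, {"errors": errors})
            return errors
        old = self.records.get(key)
        before = dict(old) if old is not None else None
        self.records[key] = dict(record)
        action = "update" if before is not None else "create"
        self._log(user, action, key, before, dict(record))
        return []

    def verify_audit(self):
        """Return the index of the first inconsistent entry, or None if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.audit):
            if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != _digest(entry):
                return i
            prev = entry["hash"]
        return None


def demo():
    """Constructed sample data: two valid saves, one rejection, one tampering."""
    store = AuditedStore()
    store.save("alice", "order-1", {"customer_id": "C00042", "quantity": 3})
    store.save("bob", "order-1", {"customer_id": "C00042", "quantity": 5})
    rejected = store.save("bob", "order-2", {"customer_id": "42", "quantity": 0})
    intact = store.verify_audit()
    store.audit[1]["after"]["quantity"] = 500  # simulate an in-place log edit
    return rejected, intact, store.verify_audit()


if __name__ == "__main__":
    print(demo())
```

A hash chain only detects edits if the latest hash is also kept somewhere the editor cannot reach, since anyone able to rewrite the whole log can recompute every hash.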

Prototyping

The method by which a prototype is developed. It involves a repetitive
sequence of analysis, design, modeling, and testing. It is a common technique
that can be used to design anything from a new home to a computer network.

Prototyping Methods
● System prototyping - produces a full-featured, working model of the
information system. Because the model is “on track” for implementation,
it is especially important to obtain user feedback, and to be sure that the
prototype meets all requirements of users and management.
● Design prototyping or Throwaway prototyping – method of development
that employs technical mechanisms for reducing risk in a project, when
the project needs are vaguely and poorly laid out. The end product of
design prototyping is a user-approved model that documents and
benchmarks the features of the finished system.
● Prototyping offers many benefits
▪ Users and systems developers can avoid
misunderstandings
▪ Managers can evaluate a working model more effectively
than a paper specification
● Consider potential problems
▪ The rapid pace of development can create quality problems
▪ In very complex systems, the prototype becomes unwieldy
and difficult to manage

Prototyping Tools – systems analysts can use powerful tools to develop
prototypes
● CASE tools - Computer-aided systems engineering (CASE), also called
computer-aided software engineering, is a technique that uses powerful
software, called CASE tools, to help systems analysts develop and
maintain information systems.
● Application generators - A tool that supports the rapid development of
computer programs by translating a logical model directly into code. Also
called a code generator.
● Report generators - a computer program whose purpose is to take data
from a source such as a database, XML stream or a spreadsheet, and
use it to produce a document in a format which satisfies a particular
human readership
● Screen generators - or form painter, is an interactive tool that helps you
design a custom interface, create screen forms, and handle data entry
format and procedures.

Limitations of Prototypes
● A prototype is a functioning system, but it is less efficient than a fully
developed system
● Systems developers can upgrade the prototype into the final information
system by adding the necessary capability. Otherwise, the prototype is
discarded

Future Trends in Software Development


Many software development tools and technologies are in transition
● Web services
● Open source software
● Service-oriented architecture (SOA)
● Loose coupling
● Software quality is more important than ever

Here are some links on how to create prototypes:


● Create interactive prototypes with MS PowerPoint
● Pencil Project | Free UI Mockup Design Software
● Prototyping Tool for Mobile and Websites
● Build a WIX Website For FREE in 10 Minutes

User Interface
Describes how users interact with a computer system, and consists of all
the hardware, software, screens, menus, functions, output, and features that
affect two-way communications between the user and the computer.
Graphical User Interface - uses visual objects and techniques that allow users
to communicate effectively with the system.
Usability – user satisfaction, support for business functions, and system
effectiveness
● Process-control systems – allow users to send commands to the system
● User-centered systems – how users communicate with the information
system, and how the system supports the firm’s business operations
User interface requires the understanding of human-computer interactions and
user-centered design principles.
Human-Computer Interaction describes the relationship between computers
and people who use them to perform their jobs

Seven Habits of Successful Interface Designers:
1. Understand the Business
The interface designer must understand the underlying business
functions and how the system supports individual, departmental, and
enterprise goals. The overall objective is to design an interface that helps
users to perform their jobs.

2. Maximize Graphical Effectiveness


Studies show that people learn better visually. The immense popularity of
Apple’s iOS and Microsoft Windows is largely the result of their GUIs that
are easy to learn and use. A well-designed interface can help users learn a
new system rapidly and be more productive.

3. Think Like a User


The designer must learn to think like a user and see the system through
a user’s eyes. The interface should use terms and metaphors that are
familiar to users. Users are likely to have real-world experience with many
other machines and devices that provide feedback, such as automobiles,
ATMs, and microwave ovens. Based on that experience, users will expect
useful, understandable feedback from a computer system.

4. Use Models and Prototypes


From a user’s viewpoint, the interface is the most critical part of the system
design because it is where he or she interacts with the system — perhaps
for many hours each day. It is essential to construct models and prototypes
for user approval. An interface designer should obtain as much feedback as
possible, as early as possible.

5. Focus on Usability
The user interface should include all tasks, commands, and
communications between users and the information system. The opening
screen should show the main option. Each screen option leads to another
screen, with more options.

6. Invite Feedback
Even after the system is operational, it is important to monitor system
usage and solicit user suggestions. The analyst can determine if system
features are being used as intended by observing and surveying users.

7. Document Everything
All screen designs should be documented for later use by programmers.

Systems Implementation – This phase begins once the client has tested and
approved the system. The system is installed at this phase to support the
specified business functions. The performance of the system is compared to the
performance targets defined during the planning phase.
Systems Maintenance – System maintenance is a continuous operation that
includes eliminating program and design flaws, updating documentation and
test data, and updating user support.

Page | 12
MODULE 2

Unit 07: Systems Development Life Cycle


The aim of an SDLC methodology is to give IT Project Managers the tools they
need to assure the effective deployment of systems that meet the University's
strategic and business goals.

ROLE IN THE PROJECT PROPOSAL

System Analyst
● A systems analyst investigates, analyzes, designs, develops, installs,
evaluates, and maintains a company’s information systems.
● On large projects, the analyst works as a member of an IT department
team
● Smaller companies often use consultants to perform the work

SYSTEM DEVELOPMENT

System development is the process of defining, designing, testing and


implementing a software application. A system development project includes a
number of different phases, such as feasibility analysis, requirements analysis,
software design, software coding, testing and debugging, installation and
maintenance.

System Development Methods


Systems Development Life Cycle
● Predictive Approach
● Use of Process Models
● Process-centered technique

Page | 1
System Development Life Cycle(SDLC)

Systems Planning – It is the initial stage in the systems development life cycle
(SDLC). It is the fundamental process of understanding why an information
system should be built and determine how the project team will go about building
it. It describes how IT projects get started, how systems analysts evaluate
proposed projects, the feasibility of a project, and the reasoning behind the
proposed system development.

Systems Analysis – System analysts must do analysis activities when creating


a new system or improving an old system. If an information system is built
properly, it will give the expected benefits to the company. To achieve this goal,
system analysts define what the information system requires by performing the
analysis activities.

Page | 2
Systems Analysis Activities

The systems analysis phase consists of requirements modeling, and process


modeling, object modeling, and consideration of development strategies.

Watch the Lesson 07 Requirements.mp4 video.


Requirements Modeling
● Describes requirements modeling, which involves fact-finding to
describe the current system and identification of the requirements
for the new system. These requirements are:
▪ Inputs refer to necessary data that enters the system, either
manually or in an automated manner.
▪ Processes refer to system characteristics such as speed,
volume, capacity, availability, and reliability.
▪ Outputs refer to electronic or printed information produced by
the system.
▪ Performance refers to the logical rules that are applied to
transform the data into meaningful information.

Page | 3
▪ Security refers to hardware, software, and procedural
controls that safeguard and protect the system and its data
from internal or external threats.

Watch the IPO video: Lesson 07 Video 02 IPO.mp4

Flowchart
● Business flowchart shows the steps that make up a business
process, along with who's responsible for each step.
● They are useful for analyzing current processes, planning
improvements, and crystallizing communication between process
participants

Types of Flowchart:
● Document
• Illustrates the flow of documents and information
between areas of responsibility within an organization.
• A document flowchart is particularly useful in analyzing
the adequacy of control procedures.

Page | 4
● System
▪ System flowcharts depict the relationship among the input,
processing, and output of an AIS
● Program
▪ A program flowchart describes the specific logic to perform a
process shown on a systems flowchart

Check the following videos for further discussion on the Flowcharting process.
• Lesson 08 FlowCharting.mp4
• Flowchart Tutorial (with Symbols, Guide and Examples)

System Requirements
In the context of software development and system design, requirements are
statements that describe what the system should do or possess to meet the
needs of its users and stakeholders. These requirements can be broadly
categorized into two types: functional requirements and nonfunctional
requirements.

Examples of functional requirements for a website:


● Allow users to register and log in to their accounts.
● Provide a search functionality to find products or information.
● Enable users to add items to a shopping cart and proceed to checkout.
● Allow administrators to manage user accounts and product listings.
● Display real-time stock availability for products.

Non-functional Requirements:
Non-functional requirements, on the other hand, define the attributes and
qualities that describe how the system should perform, rather than what it should
do. These requirements focus on aspects related to system behavior,
performance, security, and user experience. Nonfunctional requirements
answer the question, "How well does the system perform?"

Examples of non-functional requirements for a website:


● Performance: The website should load within 3 seconds to provide a
good user experience.

Page | 5
● Scalability: The system should handle an increasing number of users
without significant performance degradation.
● Security: User passwords should be securely hashed and stored to
prevent unauthorized access.
● Usability: The website's interface should be intuitive and easy to navigate
for users of all experience levels.
● Reliability: The system should have at least 99.9% uptime, with minimal
downtime for maintenance.

It's important to note that both functional and non-functional requirements are
crucial for successful system development. Functional requirements define
what the system should achieve in terms of features and capabilities, while non-
functional requirements ensure the system meets the desired levels of
performance, quality, and user satisfaction. Both sets of requirements play a
key role in guiding the design, development, testing, and validation of the
system.

Systems Design – Systems Design is the third of five phases in the systems
development life cycle (SDLC). Now you are ready to begin the physical design
of the system that will meet the specifications described in the system
requirements document. Systems design tasks include output and user
interface design, data design, and system architecture.
A video by Johnny Khoury has explained how the Design Phase in SDLC
(Lesson07 video01 Design Phase in SDLC) works. It is all about the design
phase of creating a system.

System Design Guidelines:


The systems analyst must understand the logical design of the system before
beginning the physical design of any one component
● Data design
● User interface
● Architecture
● System design specification

Page | 6
System Design Objectives
The goal of systems design is to build a system that is effective, reliable, and
maintainable
● A system is effective if it meets all user needs and business requirements
● A system is reliable if it adequately handles errors
● A system is maintainable if it is well designed, flexible, and developed
with future modifications in mind

System Design Considerations


● User Considerations
▪ Carefully consider any point where users receive output from, or
provide input to, the system
▪ Anticipate future needs of the users, the system, and the
organization – hard-coded
▪ Provide flexibility
▪ Parameter, default

● Data Considerations
▪ Data should be entered into the system where and when it occurs
because delays cause data errors
▪ Data should be verified when it is entered, to catch errors
immediately
▪ Automated methods of data entry should be used whenever
possible
▪ Audit trail
▪ Every instance of entry and change to data should be logged
▪ Data should be entered into a system only once
▪ Data duplication should be avoided

● Design Trade-Offs
▪ Most design trade-off decisions that you will face come down to
the basic conflict of quality versus cost
▪ Avoid decisions that achieve short-term savings but might mean
higher costs later

Prototyping

Page | 7
The method by which a prototype is developed. It involves a repetitive
sequence of analysis, design, modeling, and testing. It is a common technique
that can be used to design anything from a new home to a computer network.

Prototyping Methods
● System prototyping - produces a full-featured, working model of the
information system. Because the model is “on track” for implementation,
it is especially important to obtain user feedback, and to be sure that the
prototype meets all requirements of users and management.
● Design prototyping or Throwaway prototyping – method of development
that employs technical mechanisms for reducing risk in a project, when
the project needs are vaguely and poorly laid out. The end product of
design prototyping is a user-approved model that documents and
benchmarks the features of the finished system.
● Prototyping offers many benefits
▪ Users and systems developers can avoid
misunderstandings
▪ Managers can evaluate a working model more effectively
than a paper specification ● Consider potential problems
▪ The rapid pace of development can create quality problems
▪ In very complex systems, the prototype becomes unwieldy
and difficult to manage

Prototyping Tools – systems analysts can use powerful tools to develop


prototypes
● CASE tools - Computer-aided systems engineering (CASE), also called
computer-aided software engineering, is a technique that uses powerful
software, called CASE tool, to help systems analysts develop and
maintain information systems.
● Application generators -A tool that supports the rapid development of
computer programs by translating a logical model directly into code. Also
called a code generator.
● Report generators - a computer program whose purpose is to take data
from a source such as a database, XML stream or a spreadsheet, and

Page | 8
use it to produce a document in a format which satisfies a particular
human readership
● Screen generators - or form painter, is an interactive tool that helps you
design a custom interface, create screens forms, and handle data entry
format and procedures.

Limitations of Prototypes
● A prototype is a functioning system, but it is less efficient than a fully
developed system
● Systems developers can upgrade the prototype into the final information
system by adding the necessary capability. Otherwise, the prototype is
discarded

Future Trends in Software Development


Many software development tools and technologies are in transition
● Web services
● Open source software
● Service-oriented architecture (SOA)
● Loose coupling
● Software quality is more important than ever

Here are some links on how to create prototypes:


● Create interactive prototypes with MS PowerPoint
● Pencil Project | Free UI Mockup Design Software
● Prototyping Tool for Mobile and Websites
● Build a WIX Website For FREE in 10 Minutes

User Interface
Describes how users interact with a computer system, and consists of all
the hardware, software, screens, menus, functions, output, and features that
affect two-way communications between the user and the computer.
Graphical User Interface - uses visual objects and techniques that allow users
to communicate effectively with the system.
Usability – user satisfaction, support for business functions, and system
effectiveness
● Process-control systems – allow users to send commands to the system
● User-centered systems – how users communicate with the information
system, and how the system supports the firm’s business operations
User interface requires the understanding of human-computer interactions and
user-centered design principles.
Human-Computer Interaction describes the relationship between computers
and people who use them to perform their jobs

Seven Habits of Successful Interface Designers:
1. Understand the Business
The interface designer must understand the underlying business
functions and how the system supports individual, departmental, and
enterprise goals. The overall objective is to design an interface that helps
users to perform their jobs.

2. Maximize Graphical Effectiveness
Studies show that people learn better visually. The immense popularity of
Apple’s iOS and Microsoft Windows is largely the result of their GUIs that
are easy to learn and use. A well-designed interface can help users learn a
new system rapidly and be more productive.

3. Think Like a User
The designer must learn to think like a user and see the system through
a user’s eyes. The interface should use terms and metaphors that are
familiar to users. Users are likely to have real-world experience with many
other machines and devices that provide feedback, such as automobiles,
ATMs, and microwave ovens. Based on that experience, users will expect
useful, understandable feedback from a computer system.

4. Use Models and Prototypes
From a user’s viewpoint, the interface is the most critical part of the system
design because it is where he or she interacts with the system, perhaps
for many hours each day. It is essential to construct models and prototypes
for user approval. An interface designer should obtain as much feedback as
possible, as early as possible.

5. Focus on Usability
The user interface should include all tasks, commands, and
communications between users and the information system. The opening
screen should show the main option. Each screen option leads to another
screen, with more options.

6. Invite Feedback
Even after the system is operational, it is important to monitor system
usage and solicit user suggestions. The analyst can determine if system
features are being used as intended by observing and surveying users.

7. Document Everything
All screen designs should be documented for later use by programmers.

Systems Implementation – This phase begins once the client has tested and
approved the system. The system is installed at this phase to support the
specified business functions. The performance of the system is compared to the
performance targets defined during the planning phase.
Systems Maintenance – System maintenance is a continuous operation that
includes eliminating program and design flaws, updating documentation and
test data, and updating user support.

Unit 08: Computer and Internet Etiquette
As people continue to use technology in their everyday lives, from
communications to making transactions online, many have forgotten their
proper etiquette when using their computer systems and when interacting using
the Internet. Internet etiquette, also known as “Netiquette,” is essential in a
civilized work environment or personal relationship. Even though you aren't with
others in person, you should remember that they're still there, on the other end
of your communication. In the age of technology, threats to computer
systems are now more rampant: there is cyberbullying, hacking, harassment, and
other fraud techniques. There is no official list of netiquette rules or guidelines;
the idea is to respect other users and those online.

General Guidelines for Computer Etiquette


1. When communicating with people online, remember how you want to be
treated, that’s probably how others want to be treated too, with respect.
2. Always be aware that you are talking to a person, not a device. Be
courteous.
3. Adhere to the same standards of behavior online that you follow in real
life.
4. Know where you stand. Netiquette varies from domain to domain. What
is acceptable in a chat room may not be appropriate in a professional
forum so “lurk before you leap”.
5. Respect other people’s time and bandwidth.
6. Spelling and grammar count! Always check, recheck your posts and keep
your language appropriate.
7. Keep under control the posts or content that invoke rage, sadness,
humiliation, self-doubt, and others.
8. Respect other people’s privacy. Ask consent for everything! From sharing
posts, to citations, to the use of materials and more.
9. Help out those people who are new to the technology.
10. Read and research before asking. Try not to waste other people’s time.
11. Some emotions and meanings do not transmit very well in an email or a
post. However, do not use all caps if you want to communicate strong
emotion. All caps will make you look like you’re shouting. Don’t overuse
smileys and emoticons because they make you look unprofessional.
Constructing your sentences carefully and editing what you write before
hitting send is often enough.
12. Remember that your posts and account can be easily traced back to you
even if you write under an alias or a made-up handle. You leave data
footprints whenever you’re online. These are stored and can be retrieved,
even when using incognito mode. Always be a decent and responsible netizen.

Ten Commandments of Computer Ethics


1. Thou shalt not use a computer to harm other people – If it is unethical to
harm people by making a bomb, for example, it is equally bad to write a
program that handles the timing of the bomb. Or, to put it more simply, if
it is bad to steal and destroy other people’s books and notebooks, it is
equally bad to access and destroy their files.

2. Thou shalt not interfere with other people’s computer work – Computer
viruses are small programs that disrupt other people’s computer work by
destroying their files, taking huge amounts of computer time or memory,
or by simply displaying annoying messages.
Generating and consciously spreading computer viruses is unethical.

3. Thou shalt not snoop around in other people’s computer files – Reading
other people’s email messages is as bad as opening and reading their
letters: This is invading their privacy. Obtaining other people’s non-public
files should be judged the same way as breaking into their rooms and
stealing their documents.

4. Thou shalt not use a computer to steal – Using a computer to break into
the accounts of a company or a bank and transferring money should be
judged the same way as robbery. It is illegal and there are strict laws
against it.

5. Thou shalt not use a computer to bear false witness – The Internet can
spread untruth as fast as it can spread truth. Putting out false
"information" to the world is bad. For instance, spreading false rumors
about a person or false propaganda about historical events is wrong.

6. Thou shalt not copy or use proprietary software for which you have not
paid – Software is an intellectual product. In that way, it is like a book:
Obtaining illegal copies of copyrighted software is as bad as
photocopying a copyrighted book. There are laws against both.
Information about the copyright owner can be embedded by a process
called watermarking into pictures in the digital format.

7. Thou shalt not use other people’s computer resources without
authorization or proper compensation – Multiuser systems use user IDs
and passwords to enforce their memory and time allocations, and to
safeguard information. You should not try to bypass this authorization
system. Hacking a system to break and bypass the authorization is
unethical.

8. Thou shalt not appropriate other people’s intellectual output – For
example, the programs you write for the projects assigned in this course
are your own intellectual output. Copying somebody else’s program
without proper authorization is software piracy and is unethical.
Intellectual property is a form of ownership, and may be protected by
copyright laws.

9. Thou shalt think about the social consequences of the program you are
writing or the system you are designing – You have to think about
computer issues in a more general social framework: Can the program
you write be used in a way that is harmful to society? For example, if you
are working for an animation house, and are producing animated films
for children, you are responsible for their contents. Do the animations
include scenes that can be harmful to children? In the United States, the
Communications Decency Act was an attempt by lawmakers to ban
certain types of content from Internet websites to protect young children
from harmful material. That law was struck down because it violated the
free speech principles in that country's constitution. The discussion, of
course, is going on.

10. Thou shalt always use a computer in ways that ensure consideration and
respect for your fellow humans – Just like public buses or banks, people
using computer communications systems may find themselves in
situations where there is some form of queuing and you have to wait for
your turn and generally be nice to other people in the environment. The
fact that you cannot see the people you are interacting with does not
mean that you can be rude to them.

Unit 09: Computer and Cybersecurity
The vulnerabilities of a computer system should not be left open for
perpetrators to exploit. We should prevent perpetrators from gaining access to our
computer systems, to ensure that the information presented by your computer
system is reliable and not prone to computer fraud and malware.

Computers and the internet have transformed the lives of many people in many
good ways. Unfortunately, this vast network and its associated technologies
also have a number of security threats. It is our duty to protect ourselves from
these threats and attacks. Scammers, hackers and identity thieves are looking
to steal your personal information - and your money.

Computer security is the protection of computer systems and information from
harm, theft, and unauthorized use. Computer hardware is typically protected by
the same means used to protect other valuable or sensitive equipment, namely,
serial numbers, doors and locks, and alarms. The protection of information and
system access, on the other hand, is achieved through other tactics, some of
them quite complex.

Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known
as information technology security or electronic information security. The term
applies in a variety of contexts, from business to mobile computing, and can be
divided into a few common categories.
● Network security is the practice of securing a computer network from
intruders, whether targeted attackers or opportunistic malware.

● Application security focuses on keeping software and devices free of
threats. A compromised application could provide access to the data it's
designed to protect. Successful security begins in the design stage, well
before a program or device is deployed.

● Information security protects the integrity and privacy of data, both in
storage and in transit.

● Operational security includes the processes and decisions for handling
and protecting data assets. The permissions users have when accessing
a network and the procedures that determine how and where data may
be stored or shared all fall under this umbrella.

● Disaster recovery and business continuity define how an organization
responds to a cybersecurity incident or any other event that causes the
loss of operations or data. Disaster recovery policies dictate how the
organization restores its operations and information to return to the same
operating capacity as before the event. Business continuity is the plan
the organization falls back on while trying to operate without certain
resources.

● End-user education addresses the most unpredictable cyber-security
factor: people. Anyone can accidentally introduce a virus to an otherwise
secure system by failing to follow good security practices. Teaching users
to delete suspicious email attachments, not plug in unidentified USB
drives, and various other important lessons is vital for the security of any
organization.

Security is a constant worry when it comes to information technology. Data theft,
hacking, malware and a host of other threats are enough to keep any IT
professional up at night. We’ll look at the basic principles and best practices that
allow users to keep their systems safe. Individuals and companies must employ
the best security measures suitable to their needs to prevent fraudulent
activities.

Figure 02-C: CIA Triad

The goal of information security follows three main principles:
1. Confidentiality is ensuring that information is available only to the
intended audience – An organization obtains or creates a piece of
sensitive data that will be used in the course of its business operations.
Because the data is sensitive, that data should only be able to be seen
by the people in the organization that need to see it in order to do their
jobs. It should be protected from access by unauthorized individuals.
2. Integrity is protecting information from being modified by unauthorized
parties – Integrity involves maintaining the accuracy, consistency and
trustworthiness of data. Data must not be changed whilst at rest or in
transit by unauthorized individuals (which would demonstrate a breach of
confidentiality). Integrity of data is commonly ensured by implementing
security measures such as file permissions and access control models.
Version controls can also be utilized to avoid changes to data made
accidentally by authorized individuals.
3. Availability is ensuring that authorized individuals can access information
when they need it – When the individual that needs that piece of data to perform a
job duty is ready to utilize it, it must be readily accessible (i.e. online) in
a timely and reliable manner so the job task can be completed on time
and the company can continue its processing. Availability means that
authorized individuals are able to access their data whenever they want.

Effectively executing all three principles of the Security Triad creates an ideal
outcome from an information security perspective.

Good Security Practices for Individuals


1. Install anti-virus and anti-malware software
Software may include bugs as discussed in the previous modules. To limit
the vulnerabilities, make sure that the installation instructions for the
software are followed and that the software is acquired legitimately. Anti-virus
and anti-malware software should also be installed and kept up to date.

2. Use a strong password
Reusing passwords or having the same password for multiple accounts,
websites, and other systems makes them more vulnerable. Do not save
passwords on websites and devices that are unsecure. Remember to
change your passwords on a schedule to keep them fresh.

3. Log off public computers
Yes, the business centers and cybercafes that offer the use of a computer
system are convenient, but not secure. Since anyone can use them for
anything, they have probably been exposed to viruses, worms, trojans,
keyloggers, and other nasty malware. Should you use them at all? When
using a public area computer, be sure to completely log off when you are
finished using it.

4. Save and Back up
Some events may be inevitable, like hardware failure and virus infection,
so be sure to save every now and then. Also back up information that is
important to you. Make sure to verify that the files you’ve
saved can be easily restored.

5. Limit social network information
Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other
social networks have become an integral part of our online lives. Social
networks are a great way to stay connected with others, but you should
be wary about how much personal information you post. Learn how to
use the privacy and security settings to protect yourself, keep personal
information personal, know and manage your friends, know what to do if
you encounter a problem.

6. Download files legally
Avoid peer-to-peer (P2P) networks and remove any file-sharing clients
already installed on your system. Since most P2P applications have
worldwide sharing turned on by default during installation, you run the
risk of downloading viruses or other malware to your computer, and
having your personal and/or confidential information inadvertently shared
across the Internet, which could lead to identity theft.

7. Keep personal information safe
Do not divulge personal information online if you’re not sure about the
sender or the website. A common fraud, called "phishing", sends
messages that appear to be from a bank, shop or auction, giving a link
to a fake website and asking you to follow that link and confirm your
account details.

8. Lock your computer
Whenever you leave your devices unattended, make sure that they
are locked.

9. Do not click on suspicious links or pop-up notifications
Avoid visiting unknown websites or downloading software from untrusted
sources. These sites often host malware that will automatically install
(often silently) and compromise your computer. If attachments or links in
an email are unexpected or suspicious for any reason, don't click on them;
go to the sender's actual website instead.

10. Keep applications up to date
Turn on automatic updating or make sure that all applications are also up
to date.

Definition of terms
● Firewall: A firewall is a network security device that monitors incoming
and outgoing network traffic and decides whether to allow or block
specific traffic based on a defined set of security rules.
● Hackers: A hacker is a person who breaks into a computer system. The
reasons for hacking can be many: installing malware, stealing or
destroying data, disrupting service, and more. Hacking can also be done
for ethical reasons, such as trying to find software vulnerabilities so they
can be fixed.
● Threats: A threat is anything that can compromise the confidentiality,
integrity, or availability of an information system.
● Vulnerability: A vulnerability is any weakness in the information
technology (IT) infrastructure that hackers can exploit to gain
unauthorized access to data.

Some of the most common threats to cybersecurity include:
● Malware: This refers to malicious software such as viruses, worms, and
Trojan horses that can infect computers and devices, steal sensitive
information, or damage systems.
● Phishing: This is the practice of sending fake emails or messages that
appear to come from a trustworthy source, such as a bank or a popular
website, in order to trick people into revealing sensitive information.
● Ransomware: This is a type of malware that encrypts a victim's files and
demands a ransom payment in exchange for the decryption key.
● Distributed Denial of Service (DDoS) attacks: These attacks overload a
website or online service with traffic, making it inaccessible to users.
● Insider threats: Current or former employees, business
partners, contractors, or anyone who has had access to any systems or
networks in the past can be considered an insider threat if they abuse
their access permissions.
● Man-in-the-middle attacks: Man-in-the-middle is an eavesdropping
attack, where a hacker/intruder intercepts and relays messages between
two parties in order to steal data.
● Advanced persistent threats (APTs): In an APT, an intruder or group of
intruders sneak into a system and remain undetected for an extended
period. The intruder leaves networks and systems intact to avoid
detection so that the intruder can spy on business activity and steal
sensitive data.
Information security, also known as InfoSec, refers to the processes and
tools designed and deployed to protect sensitive business information from
modification, disruption, destruction, and inspection.

Unit 10: Cybercrime Law
DISCLAIMER: The following material was copied with permission from the GIT
Lecture 9 - Cybercrime Laws in the Philippines.pptx presentation of Atty. Marco
Cunanan from PAO.

A Brief Retrospective View: How It All Started


The I LOVE YOU Worm
● In the year 2000 a Filipino named Onel De Guzman created a worm that
sent messages through email with an attachment: “LOVE-LETTER-FORYOU.txt.vbs”
● When the attachment is opened, the file activates code that sends an
instruction to forward the same email to all the contacts of the user
● The worm spread to e-mail accounts across the globe – including the US and
Europe – overwhelming the email systems of private and government
organizations and causing them to shut down, resulting in estimated damages
worth millions of USD
● This prompted the FBI to identify the source of the worm, which was then
traced back to the Philippines

“It is not clear whether the author of the virus can even be prosecuted in the
Philippines, where computer use is still uncommon among ordinary citizens and
cyber-crimes are not yet defined in the legal code.”

● Onel De Guzman was eventually arrested by the Philippine government
at the request of the FBI but was released shortly afterwards because
there were NO pre-existing Philippine laws that he violated

Republic Act 8792: Philippine E-Commerce Act Of 2000


The full title of R.A. 8792 is …
AN ACT PROVIDING FOR THE RECOGNITION AND USE OF ELECTRONIC
TRANSACTIONS AND DOCUMENTS, PENALTIES FOR UNLAWFUL USE THEREOF
AND OTHER PURPOSES.
NOTE: R.A. 8792 was used to define certain illegal activities concerning the
use of various devices in an effort to provide a legal provision to deter
future actions similar to what Onel De Guzman did

PROVISIONS OF R.A. 8792


Chapter II of R.A. 8792 states the following provisions that are implemented by
this law:

Section 6. LEGAL RECOGNITION OF DATA MESSAGES
● ELECTRONIC DATA MESSAGES such as text messages, e-mails, or any other
similar modes of communication done through electronic means [including
unaltered screenshots] have the same legal validity as physical messages

Section 7. LEGAL RECOGNITION OF ELECTRONIC DOCUMENTS
● ELECTRONIC DOCUMENTS shall have the legal effect, validity or
enforceability as any other document or legal writing.
NOTE: This provision gives soft copies of authentic documents the same legal
validity as physical documents

Section 8. LEGAL RECOGNITION OF ELECTRONIC SIGNATURES
● An ELECTRONIC SIGNATURE on the electronic document shall be
equivalent to the signature of a person on a written document

Chapter III of R.A. 8792 states the following penalties in violation of this law:
Section 33. PENALTIES
The following acts shall be penalized by fine and/or imprisonment:
1. HACKING/CRACKING
● Unauthorized access into a computer system/server or information and
communication system
● Any access with the intent to corrupt, alter, steal, or destroy using a
computer or computer system without the knowledge and consent of the
owner of the system

2. PIRACY
● Unauthorized copying, reproduction, storage, uploading, downloading,
communication, or broadcasting of protected material [..] through the use
of telecommunication networks, e.g. the Internet, in a manner that
infringes intellectual property.

3. Violations against R.A. 7394: The Consumer Act Of The Philippines
● R.A. 7394 was enacted primarily to protect the consumers …
… against hazards to health and safety, and
… against deceptive, unfair and unconscionable sales acts and
practices.

NOTE:
● Penalty for HACKING/CRACKING and PIRACY:
▪ Pay a fine amounting to a minimum of one hundred thousand
pesos (PhP 100,000) and a maximum that is commensurate to the
damage incurred and …
▪ Mandatory imprisonment of 6 months to 3 years.
● Penalty for violations against R.A. 7394 will be the same penalties as provided
by the same law, which is to pay a fine of PhP 20,000 to PhP 2000,000 and/or
imprisonment of 3 to 6 years

GUIDE QUESTION: R.A. 8792


Does connecting to an open WIFI network (e.g. WIFI with no password), without the
consent of the network owner, constitute a violation of RA 8792?
NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal or
destroy”

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012
R.A. 10175 is an act that adopts sufficient powers to effectively prevent and
combat cybercrime offenses by facilitating their detection, investigation, and
prosecution at both the domestic and international levels

R.A. 10175 defines CYBERCRIME as a crime committed with or through the
use of information and communication technologies such as radio, television,
cellular phone, computer and network, and other communication device or
application.

JURISDICTION OF R.A. 10175


Who can be charged with violations of this law?
1. Any violation committed by a Filipino national regardless of the place of
commission.
2. Any of the [cybercrime] elements were committed within the Philippines
or committed with the use of any computer system wholly or partly
situated in the country.
3. When by such commission, any damage is caused to a […] person who,
at the time the offense was committed, was in the Philippines

PROVISIONS OF R.A. 10175


Chapter 2 – Section 4 lists the punishable acts under R.A. 10175

Section 4. CYBERCRIME OFFENSES


The following acts constitute the offense of cybercrime punishable under this
Act
(a) OFFENSES against the CONFIDENTIALITY, INTEGRITY and
AVAILABILITY (CIA) of COMPUTER DATA and COMPUTER SYSTEMS;
(b) COMPUTER-RELATED OFFENSES; and
(c) CONTENT-RELATED OFFENSES

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and
AVAILABILITY (CIA) of COMPUTER DATA and COMPUTER SYSTEMS
This category of cybercrime includes the following acts:
1. ILLEGAL ACCESS
The access to the whole or any part of a computer system without right.
NOTE:
● “access” is the instruction, communication with, storing/retrieving data
from or use of any resources of a computer system or network
● “without right” means having no consent from the owner of the
computer system
GUIDE QUESTION: R.A. 8792
Does connecting to an open WIFI network (e.g. WIFI with no password), without
the consent of the network owner, constitute a violation of RA 8792?
NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal
or destroy”

Does connecting to an open WIFI network (e.g. WIFI with no password), without
the consent of the network owner, constitute a violation of RA 10175?
YES! Illegal access is to “make use of any resources” without right
(consent)

2. ILLEGAL INTERCEPTION
The interception […] of computer data to, from, or within a computer
system.
NOTE:
● Interception is listening to, recording, monitoring or surveillance of the
content of communications through the use of electronic eavesdropping or
tapping devices at the same time that the communication is occurring

Illegal interception: Man-in-the-Middle Attack

3. DATA INTERFERENCE
The intentional or reckless alteration, damaging, deletion or
deterioration of computer data, electronic document or electronic
data message without right – including the introduction or
transmission of viruses
NOTE:
GUIDE QUESTION: R.A. 10175
Consider the following situation:
▪ A friend sent you a file on a flash drive infected with a virus
▪ Neither of you is aware that the flash drive is infected
▪ After you insert the flash drive in your computer, your computer gets
infected and you lose your documents
Is your friend liable for any violation of RA 10175?
YES! Data interference includes “the intentional or reckless alteration,
damaging, deletion or deterioration of computer data” – even if your friend
has no malicious intent, it is still considered “recklessness” on his/her
part, causing you to lose your file

4. SYSTEM INTERFERENCE
The intentional alteration or reckless hindering or interference with the
functioning of a computer or computer network by inputting,
transmitting, damaging, deleting, deteriorating, altering or suppressing
computer data or program, electronic document, or electronic data
message, without right or authority, including the introduction or
transmission of viruses

NOTE:
● This is more or less an extension of the previous offense whereby the
affected entity is not just data but the whole system

GUIDE QUESTION: R.A. 10175


Consider the same situation as in the previous example:
• A friend sent you a file on a flash drive infected with a virus
• Neither of you is aware that the flash drive is infected
• After you insert the flash drive in your computer, your computer
gets infected, you lose all your files, and the whole computer system
goes into error
Is your friend liable for any violation of RA 10175?

YES! Although it may be unintentional, data interference and system
interference were committed
● SYSTEM INTERFERENCE EXAMPLE: CRYPTOJACKING or
CRYPTOMINING MALWARE
• Refers to software programs and malware components developed to
take over a computer’s resources and use them for cryptocurrency
mining without the user’s explicit permission
• When you download through torrent sites like “thepiratebay”, you
basically give them the authority to use your computer’s CPU to “mine”
cryptocurrencies – the reason why downloading a lot of torrent files can
cause your computer to heat up

● SYSTEM INTERFERENCE EXAMPLE: WEBSITE DEFACING

COMELEC website defaced by Anonymous Philippines (March 27,
2016)

5. MISUSE OF DEVICE
The unauthorized use, production, sale, procurement, distribution or
otherwise making available of:
i. A device designed for committing any offenses under this Act
ii. A computer password, access code, or similar data by which […] a
computer system is […] accessed with the intent of committing
any offenses under this Act

NOTE:
MISUSE OF DEVICE EXAMPLE: SKIMMING DEVICES and KEYLOGGERS

6. CYBER-SQUATTING
The acquisition of a domain name on the internet in bad faith to profit,
mislead, destroy reputation, and deprive others from registering the
same
It is cyber-squatting if the domain name that was acquired is:
i. Similar, identical or confusingly similar to an existing government-
registered trademark;
ii. In case of a personal name, identical or in any way similar with the
name of a person other than the registrant; and
iii. Acquired without right or with intellectual property interests in it

NOTE:
● CYBER-SQUATTING SAMPLE CASE: MikeRoweSoft.com
• In January 2004, Mike Rowe was a grade 12 student who operated a
profitable web design business as a part-time job.
• He registered the website with the domain name MikeRoweSoft.com
• Lawyers from Microsoft asked him to stop using the website and Mike
Rowe complied after an undisclosed settlement with the company

SECTION 4 (b) COMPUTER-RELATED OFFENSES


The following are considered as computer-related offenses:
1. Computer-related FORGERY
There are two ways where computer-related forgery can be committed:
a. The input, alteration, or deletion of any computer data without right
resulting in inauthentic data with the intent that it be considered or
acted upon for legal purposes as if it were authentic
b. The act of knowingly using computer data which is the product of
computer-related forgery for the purpose of perpetuating a
fraudulent or dishonest design

NOTE:
● COMPUTER-RELATED FORGERY EXAMPLE:
Hacking into the SLU Student Portal to change your grade from 65 to 95
Since NO MONETARY VALUE is involved, this is considered as “forgery” and
not “fraud”

2. Computer-related FRAUD
The unauthorized input, alteration, or deletion of computer data or
program or interference in the functioning of a computer system,
causing damage thereby with fraudulent intent
NOTE:
● The ONLY difference between forgery and fraud is if the damage incurred
has a monetary value.
● COMPUTER-RELATED FRAUD EXAMPLES:
• Hacking into a bank’s database and changing your account balance from
PhP 500 to PhP 5,000
• Asking people to send you a “prepaid load” by pretending to be a
“relative from abroad”

3. Computer-related IDENTITY THEFT

● The intentional acquisition, use, misuse, transfer, possession,
alteration or deletion of identifying information belonging to another
[person] without right
NOTE:
● COMPUTER-RELATED IDENTITY THEFT EXAMPLE:
Fake social media accounts that have a user profile containing
“identifying information” – like a picture or name – belonging to another
person, with the intention of using it for malicious purposes, such as
pretending to be the actual person

SECTION 4 (c) CONTENT-RELATED OFFENSES


The following are considered as content-related offenses:
1. CYBERSEX
● The willful engagement, maintenance, control or operation – directly
or indirectly – of any lascivious exhibition of sexual organs or sexual
activity, with the aid of a computer system, for favor or consideration
NOTE:
GUIDE QUESTION: R.A. 10175
Assume that two individuals, who happen to be real-life partners, gave their
consent to each other to record their sexual act.
Is this a case of cybersex?

NO! Since both parties consented, and even if these acts are publicly
denounced, they do NOT constitute cybersex since the act is NOT done
for “any favour or consideration” and is without the element of “engagement
in business”
2. CHILD PORNOGRAPHY
● The unlawful or prohibited acts defined and punishable by R.A. 9775:
The Anti-Child Pornography Act of 2009 committed through a
computer system
● This includes any representation – whether visual or audio – by
electronic or any other means of a child engaged or involved in real
or simulated explicit sexual activities
NOTE:
GUIDE QUESTION: R.A. 10175
Are “hentai” clips – sexually explicit Japanese comics or anime – considered
a violation of this law?
NO … unless the hentai clip itself contains a character which is explicitly
identified as a minor. If so, the said material is prohibited and the
creator/distributor of the said material is liable for violation of this law.

3. ONLINE LIBEL
● Libel is the public and malicious imputation of a crime – real or
imaginary – or any act, omission, condition, status or circumstance
tending to cause the dishonor, discredit, or contempt of a […] person,
or to blacken the memory of the dead

● FOUR ELEMENTS OF LIBEL


a. Allegations of a discreditable act or condition concerning
another;
b. Publication of the charge;
c. The person being defamed is clearly identified; and
d. Existence of malice.
NOTE:
GUIDE QUESTION: R.A. 10175
Assume that someone posted this unfounded claim on social media:

“HEY! MARIA DAVID! YOU ARE A THIEF! YOU AND YOUR MOTHER, BOTH OF YOU!
THIEVES! GIVE BACK THE MILLIONS IN MONEY THAT YOU STOLE!”

Did the person who posted commit online libel?
YES! All FOUR ELEMENTS OF LIBEL are present!
a. FALSE ALLEGATION: YOU ARE A THIEF! YOU AND YOUR MOTHER, BOTH OF YOU!
b. PUBLICATION: Allegation was posted on social media
c. PERSON DEFAMED is IDENTIFIED: Maria David and her mother
d. EXISTENCE OF MALICE: Even though unfounded, the post was
published nonetheless

GUIDE QUESTION: R.A. 10175

If you LIKED/REACTED to the post above, are you liable?


NO! LIKING or REACTING may be a sign of approval of the said post but NO
STATEMENT was made – none of the FOUR ELEMENTS OF LIBEL is present!

If you SHARED the said post, are you liable?


NO! The libelous statement was NOT made by the person who SHARED it!

If you COMMENTED on the said post with “YES, INDEED!”, are you liable?
NO! Similar to LIKING or REACTING, commenting “YES, INDEED!” does not
discredit or allege anything against Maria David – none of the FOUR
ELEMENTS OF LIBEL is present!
If you COMMENTED on the said post with “YES, INDEED! YOU AND YOUR MOTHER
ARE THIEVES”, are you liable?
YES! This statement is not merely an approval but also states an
allegation towards Maria David and her mother.
This makes the person liable for libel since the comment can be seen
publicly as well.

PRIVACY UNDER THE CIVIL CODE


THE RIGHT TO PRIVACY
This is the right of an individual “to be free from unwarranted publicity, or to live
without unwarranted interference by the public in matters in which the public is
not necessarily concerned.”
GUIDE QUESTION: RIGHT TO PRIVACY
Does the state (i.e. the government) have the right to disturb private individuals in
their homes?
NO! The State recognizes the right of the people to be secure in their houses.
No one, not even the State, except "in case of overriding […] and only under the
stringent procedural safeguards," can disturb them in the privacy of their
homes.

REPUBLIC ACT 386: CIVIL CODE OF THE PHILIPPINES (1950)
THE RIGHT TO PRIVACY
Article 26: Every person shall respect the dignity, personality, privacy and peace
of mind of his neighbors and other persons.

The following and similar acts, though they may not constitute a criminal
offense, shall produce a cause of action for damages, prevention and other
relief:
(1) Prying into the privacy of another's residence;
(2) Meddling with or disturbing the private life or family relations of another;
(3) Intriguing to cause another to be alienated from his friends;
(4) Vexing or humiliating another on account of his religious beliefs, lowly
station in life, place of birth, physical defect, or other personal condition.
GUIDE QUESTION: RIGHT TO PRIVACY
May an individual install surveillance cameras on his own property facing the
property of another? (Hing vs. Choachuy 2013)
NO! A man’s house is his castle, where his right to privacy cannot be denied or
even restricted by others.
It includes any act of intrusion into, peeping or peering inquisitively into the
residence of another without the consent of the latter.
NOTE on the INSTALLATION of CAMERAS:
The installation of surveillance cameras should NOT cover places where there is
a reasonable expectation of privacy, unless the consent of the individual – whose
right to privacy would be affected – was obtained.

Sample Case: (Zulueta vs C.A., 1996)


Situation:
• Cecilia entered the clinic of Dr. Martin – her husband – and in the
presence of witnesses, forcibly opened the drawers and cabinet and took
157 documents and papers consisting of greeting cards, cancelled
checks, diaries, and photographs between Dr. Martin and his alleged
paramours.
• The said documents were used as evidence in a legal separation case.
Was the right to privacy of Dr. Martin violated?
YES! In the decision of the court: “A person, by contracting marriage, does not
shed his/her integrity or his right to privacy as an individual and the
constitutional protection is ever available to him or to her.”
The documents and papers are inadmissible as evidence since the way they
were gathered violated the right to privacy of Dr. Martin

REASONABLE EXPECTATION OF PRIVACY
Also known as the “right to be left alone”, this refers to the right of a person
to “expect privacy” in places and/or situations that the community generally
accepts as “quite reasonable”

For instance, there are certain situations in which a person assumes that there
is a reasonable expectation of privacy, such that at that particular moment
nobody can see or hear him/her.
GUIDE QUESTION: REASONABLE EXPECTATION OF PRIVACY
Does an employee have a reasonable expectation of privacy in the workplace?
According to a court decision, an employee has LESS or NO expectation of
privacy in the workplace.
For instance, CCTV cameras may be watching an employee’s every move while
inside the company grounds. The only place where there is reasonable
expectation of privacy is inside the toilet facilities of the company.

REPUBLIC ACT 9995: ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009
Included under the REASONABLE EXPECTATION OF PRIVACY is that any
person believes that:
● He/she could disrobe in privacy, without being concerned that an image
or a private area of the person was being captured;
● The private area of the person would not be visible to the public,
regardless of whether that person is in a public or private place.

GUIDE QUESTION: R.A. 9995


What does “PRIVATE AREA OF A PERSON” include?

The “private area of a person” includes naked or undergarment-clad genitals,
pubic area, buttocks, or the female breast of an individual

Section 4: PROHIBITED ACTS.


It is hereby prohibited and declared unlawful for any person:
(a) To TAKE photo or video coverage of a person or group of persons
performing sexual act or any similar activity or to capture an image of the
private area of a person without the consent of the person involved and
under circumstances in which the person/s has/have a reasonable
expectation of privacy;
(b) To COPY or REPRODUCE […] such photo or video or recording of (a);
(c) To SELL or DISTRIBUTE […] such photo or video or recording of (a); or
(d) To PUBLISH or BROADCAST […] of (a) through VCD/DVD, Internet,
cellular phones and other similar means or device.

GUIDE QUESTION: PROHIBITED ACTS of R.A. 9995


Will one be liable for the non-commercial copying or reproduction of said photo or
video – e.g. copy or reproduce for free without asking for money?
YES! The mere copying or reproduction of said material will make one liable
under the law regardless of the reason or whether one profits or not from such
act.
If the persons in the photo knew and consented to the video recording or taking of the
photo, can anyone reproduce, distribute, or broadcast it?
NO! The person merely consented to the taking of the photo or the video
recording and did not give written consent for its reproduction, distribution,
and broadcasting.

Section 4: PENALTIES.
The penalties for the commission of any of the prohibited acts above are as
follows:
● Imprisonment of 3 years to 7 years; and
● Fine of Php 100,000.00 to Php 500,000.00

REPUBLIC ACT 10173: DATA PRIVACY ACT OF 2012


PURPOSE
1. PROTECTS THE PRIVACY OF INDIVIDUALS while ensuring free flow
of information to promote innovation and growth.
2. REGULATES the collection, recording, organization, storage, updating or
modification, retrieval, consultation, use, consolidation, blocking, erasure
or destruction of PERSONAL DATA.
3. Ensures that the Philippines COMPLIES WITH INTERNATIONAL
STANDARDS set for data protection.

DEFINITION OF TERMS
1. PERSONAL INFORMATION CONTROLLER (PIC)
The individual, corporation, or body who decides what to do with data.

2. PERSONAL INFORMATION PROCESSOR (PIP)


One who processes data for a PIC. The PIP does not process information
for the PIP’s own purpose.

3. CONSENT OF THE DATA SUBJECT


Any freely given, specific, informed indication of will, whereby the data
subject agrees to the collection and processing of personal information
about and/or relating to him or her.
The agreement must inform:
a. Purpose, nature, and extent of processing;
b. Period of consent/instruction;
c. Rights as a data subject.

4. BREACH
A security incident that:
a. Leads to unlawful or unauthorized processing of personal,
sensitive, or privileged information;
b. Compromises the availability, integrity, or confidentiality of
personal data.

PERSONAL INFORMATION vs SENSITIVE PERSONAL INFORMATION

PERSONAL INFORMATION
Any personal information about a particular individual that can be
used in identifying a person.
This includes, but is not limited to:
• Name
• Phone number
• Address
• E-mail address

SENSITIVE PERSONAL INFORMATION
Any information or opinion about a particular individual that may be used to
harm or discriminate against a person.
This includes, but is not limited to:
• Race or ethnic origin
• Criminal record
• Religious affiliations
• Medical record

PROCESSING OF PERSONAL INFORMATION
The processing of personal information shall be allowed if it adheres to ALL the
following:
1. PRINCIPLES OF TRANSPARENCY
● The data subject must know:
a. What personal data will be collected
b. How the personal data will be collected
c. Why personal data will be collected
● The data processing policies of the PIC must be known to the data
subject.
● The information to be provided to the data subject must be in clear
and plain language.

2. LEGITIMATE PURPOSE PRINCIPLE


● Data must always be collected only for the specific,
explicit, and legitimate purposes of the PIC.
● Data that is not compatible with the purpose [of the data collection]
shall not be processed.

3. PRINCIPLE OF PROPORTIONALITY
● The amount of data collected for processing should be adequate,
relevant, and not excessive in proportion to the purpose of the
data processing.
● Efforts should be made to limit the processed data to the minimum
necessary.

PROCESSING OF SENSITIVE PERSONAL INFORMATION


The processing of sensitive personal information shall be allowed if it adheres
to ONE of the following:
1. The consent of the data subject has to be given;
2. The processing is necessary and is related to the fulfillment of a contract
with the data subject or in order to take steps at the request of the data
subject prior to entering into a contract;

3. The processing is necessary for compliance with a legal obligation to
which the PIC is subject;
4. The processing is necessary to protect vitally important interests of the
data subject, including life and health;
5. The processing is necessary in order to respond to national emergency,
to comply with the requirements of public order and safety, or to fulfill
functions of public authority […]; or
6. The processing is necessary for the purposes of the legitimate interests
pursued by the PIC […], except where such interests are overridden by
fundamental rights and freedoms of the data subject […]

RIGHTS OF THE DATA SUBJECT


1. Right to be INFORMED
● This is the right to be informed that your personal data shall be,
are being, or have been processed.
● The disclosure must be made before the entry of the data into the
processing system or at the next practical opportunity

2. Right to OBJECT
● The right to refuse the processing of personal data.
● This includes the right to be given an opportunity to withhold
consent to the processing in case of any changes or any
amendment to the information supplied or declared.
3. Right to ACCESS
● The right to find out whether a PIC holds any personal data about
you.

4. Right to RECTIFICATION
● This involves the right to dispute the inaccuracy or error in the
personal data and have the PIC correct it immediately.
● It also includes access to new and retracted information, and
simultaneous receipt thereof.

● Recipients previously given erroneous data must be informed of
inaccuracy and rectification upon reasonable request of the data
subject.

5. Right to ERASURE OR BLOCKING


● This is the right to suspend, withdraw, or order the blocking,
removal, or destruction of his/her personal information from the
PIC’s filing system
● The right to erase or block can be invoked in the following
circumstances:
◼ There are data which are incomplete, outdated, false, or
unlawfully obtained.
◼ The data was used for unauthorized purposes.
◼ The data is no longer necessary for purposes of collection.
◼ The processing of data was found to be unlawful.
◼ The PIC or PIP violated the rights of the data subject.

6. Right to DAMAGES
● This is the right to receive compensation for any damages
sustained due to inaccurate, incomplete, outdated, false,
unlawfully obtained, or unauthorized use of personal data.
● If there are circumstances where you discovered that your
personal data was mishandled, you have the right to ask for
compensation for the damage it has caused you.

7. Right to DATA PORTABILITY


● The right to obtain a copy of data undergoing processing in [a
commonly used] electronic or structured format that allows for
further use by the data subject.
● Takes into account the right to have control over personal data
being processed based on consent, contract, for commercial
purposes, or through automated means.

8. Right to FILE A COMPLAINT


● The right to file a complaint in circumstances wherein the PIC or
the PIP has breached the privacy of the data subject

GUIDE QUESTION: R.A. 10173
May a teacher/professor search the contents of a student’s cellular phone?
NO! Any search through a student’s cellular phone without justification under a
law or regulation is UNLAWFUL, and may be considered as “unauthorized
processing of data”
However, there are exceptions:
• If it was done with student’s consent [except if the student is a minor]
• If it is required by the student’s life and health, or by national emergency.

Is an implied (indirect) form of consent valid?


Example:
“By continuing to avail of xxx products and services, you explicitly
authorize xxx, its employees, duly authorized representatives,
related companies and third-party service providers, to use, process
and share personal data needed in the administration of your xxx”

NO! Consent under the Data Privacy Act has three requirements, none of which
are seen in an implied consent:
• Consent must be freely given;
• Details about what consent is being asked must be specific; and
• There must be an informed indication of will.

Are handwritten signatures considered sensitive personal information?

NO! It is possible that one may share a similar signature as another person.
Moreover, some signatures do not, in any way, show signs of identity of a
person.
However, these may be considered personal information when used to identify
an individual such as a signature affixed on the name of a person.
Are usernames, passwords, IP and MAC addresses, location cookies and birthdays
(month and day only) considered personal information?
YES!*
* Only when they are combined with other pieces of information that may allow
an individual to be distinguished from others.

PROHIBITED ACTS OF R.A. 10173


1. Unauthorized processing of personal information and sensitive personal
information
Process (sensitive) personal information without the consent
of the data subject or without being authorized under the Data Privacy
Act or any other law.

2. Accessing personal information and sensitive personal information due
to negligence
Provided access to (sensitive) personal information due to
negligence or was unauthorized under the Data Privacy Act or any
existing law.

3. Improper disposal of (sensitive) personal information


Negligently dispose, discard or abandon the (sensitive) personal
information of an individual in an area accessible to the public or placed
the (sensitive) personal information of an individual in a container for
trash collection.

4. Processing of personal information and sensitive personal information for
unauthorized purposes
Process personal information for purposes not authorized by the data
subject or not otherwise authorized by the Data Privacy Act or under
existing laws.

5. Unauthorized access or intentional breach


Knowingly and unlawfully violate data confidentiality and security data
systems where personal and sensitive personal information is stored.

6. Malicious disclosure
Discloses to a third party unwarranted or false information with malice or
in bad faith relative to any (sensitive) personal information obtained by
such PIC or PIP.

Unit 11: Security Controls


Security controls are a set of procedures and technological measures,
comprising both general and application controls, that ensure the secure and
efficient operation of information within an organization and safeguard that
information. These control
activities are applied throughout an organization. The most important general
controls are the measures that control access to computer systems and the
information stored or transmitted over telecommunication networks. General
controls include administrative measures that restrict employee access to only
those processes directly relevant to their duties, thereby limiting the damage an
employee can do.

IT security is about protecting things that are of value to an organization.
Security controls exist to reduce or mitigate the risk to those assets. They
include any type of policy, procedure, technique, method, solution, plan, action,
or device designed to help accomplish that goal. Recognizable examples
include firewalls, surveillance systems, and antivirus software.

There are two ways to classify controls in an organization: by type – physical,
technical, or administrative – and by function – preventive, detective, and
corrective.

Control Types
● Physical Controls – Describes anything tangible that’s used to prevent or
detect unauthorized access to physical areas, systems, or assets. This
includes gates, access cards, CCTVs, and motion sensors.
● Technical Controls – (also known as logical controls) Includes hardware
or software mechanisms used to protect assets. Common examples are
authentication solutions, firewalls, and antivirus software.
● Administrative Controls – Refers to policies, procedures, or guidelines
that define personnel or business practices in accordance with the
organization's security goals. These can apply to the hiring and
termination of employees, equipment and Internet usage, separation of
duties, and auditing.

Control Functions
● Preventive Controls – Any security measure that is designed to
prevent or stop any malicious activity from happening. These can be
fences, alarms, and antivirus software.
● Detective Controls – Any security measure taken or
implemented to detect and alert to unwanted or unauthorized activity in
progress or after it has occurred. Examples are alerts to guards or
notifications from a motion sensor.
● Corrective Controls – Any measures taken to repair damage or restore
resources and capabilities following an unauthorized or unwanted
activity. This may include rebooting the system, or terminating a process,
or quarantining a virus.

CONTROL FUNCTIONS

Physical
● Preventive: Fences, gates, locks
● Detective: CCTV and surveillance camera logs
● Corrective: Repair physical damage, re-issue access cards

Technical
● Preventive: Firewall, IPS, MFA solution, antivirus software
● Detective: Intrusion detection systems, honeypots
● Corrective: Patch a system, terminate a process, reboot a system,
quarantine a virus

Administrative
● Preventive: Hiring and termination policies, separation of duties, data
classification
● Detective: Review access rights, audit logs, and unauthorized changes
● Corrective: Implement a business continuity plan or incident response plan

Table 02-A: Examples of Control Functions and Types

GRADED ACTIVITY 2

Part 1: Unit 3 (10 pts)


1. What use does the internet have for you? Explain in 3-5 sentences.
2. If you have a phone, a laptop, or any similar kind of technology, which 2
apps or software do you use often to be more productive? Explain in no
more than 3 sentences each how you think these apps or software work
and what makes them useful for you.
Part 2: Unit 3 (15 pts)
1. Information is commonly referred to as processed data, data being the
raw material. The key factor here is that data needs to undergo certain
processes before it becomes information. With this in mind, give 5
examples of data being transformed into information. Present your work
in a creative and concise output that organizes the data, the process it
will undergo, and the resulting information.

2. Think of any business around you (your bank, convenience store, etc.)
and identify ways on how you think they can be more productive. Explain
in 3-5 sentences.
Part 3: Unit 3 (5 pts)
1. Computers perform many jobs that previously were performed by people.
Will computer-based transactions and expanded e-commerce eventually
replace person-to-person contact? From a customer’s point of view, is
this better? Why or why not?
2. What types of information systems might a large company use?

Part 4: Unit 4 (10 pts)


Solve the following problem applying the method used in the video uploaded in
your powerpoint presentation. You may check: Lesson 07 Video 01 Payback
period
Problem. Assume the following cash flows for 2 projects, with the cash flows
occurring at the end of the year. Find the payback period for both projects.

Year    Project 1    Project 2
0       -1000        -1000
1       600          100
2       400          400
3       200          600
4       200          600
5       100          700
Solution:

Part 5: Unit 5 (15 pts)

Content marketing can be a very hectic mess unless you organize it into clear
business processes. Consider the following process:
• The content writer takes up & finishes the first draft of an article. Includes
descriptions of any custom images that are to be used in the article
• The marketer gathers influencer contact information, to be used for advertising
and marketing once the article is done
• The editor proof-reads the article, makes points on grammar, style, spelling, etc.
• The designer creates custom images as asked, sending them over to the
content writer

Unit 08: Computer and Internet Etiquette
As people continue to use technology in their everyday lives, from
communications to making transactions online, many have forgotten their
proper etiquette when using their computer systems and when interacting using
the Internet. Internet etiquette, also known as “Netiquette,” is essential in a
civilized work environment or personal relationship. Even though you aren't with
others in person, you should remember that they're still there, on the other end
of your communication. In the age of technology, threats to computer
systems are now more rampant: there is cyberbullying, hacking, harassment, and
other fraud techniques. There is no official list of netiquette rules or
guidelines; the idea is to respect other users and those online.

General Guidelines for Computer Etiquette


1. When communicating with people online, remember how you want to be
treated. That’s probably how others want to be treated too: with respect.
2. Always be aware that you are talking to a person, not a device. Be
courteous.
3. Adhere to the same standards of behavior online that you follow in real
life.
4. Know where you stand. Netiquette varies from domain to domain. What
is acceptable in a chat room may not be appropriate in a professional
forum so “lurk before you leap”.
5. Respect other people’s time and bandwidth.
6. Spelling and grammar count! Always check and recheck your posts, and keep
your language appropriate.
7. Keep under control the posts or content that invoke rage, sadness,
humiliation, self-doubt, and others.
8. Respect other people’s privacy. Ask consent for everything! From sharing
posts, to citations, to the use of materials and more.
9. Help out those people who are new to the technology.
10. Read, and research before asking. Try not to waste other people’s time.
11. Some emotions and meanings do not transmit very well in an email or a
post. However, do not use all caps if you want to communicate strong
emotion. All caps will make you look like you’re shouting. Don’t overuse
smileys and emoticons because they make you look unprofessional.
Constructing your sentences carefully and editing what you write before
hitting send is often enough.
12. Remember that your posts and account can be easily traced back to you
even if you write under an alias or a made-up handle. You leave data
footprints whenever you’re online. These are stored and can be retrieved,
even when using incognito mode. Always be a decent and responsible netizen.

Ten Commandments of Computer Ethics


1. Thou shalt not use a computer to harm other people – If it is unethical to
harm people by making a bomb, for example, it is equally bad to write a
program that handles the timing of the bomb. Or, to put it more simply, if
it is bad to steal and destroy other people’s books and notebooks, it is
equally bad to access and destroy their files.

2. Thou shalt not interfere with other people’s computer work – Computer
viruses are small programs that disrupt other people’s computer work by
destroying their files, taking huge amounts of computer time or memory,
or by simply displaying annoying messages.
Generating and consciously spreading computer viruses is unethical.

3. Thou shalt not snoop around in other people’s computer files – Reading
other people’s email messages is as bad as opening and reading their
letters: This is invading their privacy. Obtaining other people’s non-public
files should be judged the same way as breaking into their rooms and
stealing their documents.

4. Thou shalt not use a computer to steal – Using a computer to break into
the accounts of a company or a bank and transferring money should be
judged the same way as robbery. It is illegal and there are strict laws
against it.

5. Thou shalt not use a computer to bear false witness – The Internet can
spread untruth as fast as it can spread truth. Putting out false
"information" to the world is bad. For instance, spreading false rumors
about a person or false propaganda about historical events is wrong.

6. Thou shalt not copy or use proprietary software for which you have not
paid – Software is an intellectual product. In that way, it is like a book:
Obtaining illegal copies of copyrighted software is as bad as
photocopying a copyrighted book. There are laws against both.
Information about the copyright owner can be embedded by a process
called watermarking into pictures in the digital format.

7. Thou shalt not use other people’s computer resources without
authorization or proper compensation – Multiuser systems use user IDs
and passwords to enforce their memory and time allocations, and to
safeguard information. You should not try to bypass this authorization
system. Hacking a system to break and bypass the authorization is
unethical.

8. Thou shalt not appropriate other people’s intellectual output – For
example, the programs you write for the projects assigned in this course
are your own intellectual output. Copying somebody else’s program
without proper authorization is software piracy and is unethical.
Intellectual property is a form of ownership, and may be protected by
copyright laws.

9. Thou shalt think about the social consequences of the program you are
writing or the system you are designing – You have to think about
computer issues in a more general social framework: Can the program
you write be used in a way that is harmful to society? For example, if you
are working for an animation house, and are producing animated films
for children, you are responsible for their contents. Do the animations
include scenes that can be harmful to children? In the United States, the
Communications Decency Act was an attempt by lawmakers to ban
certain types of content from Internet websites to protect young children
from harmful material. That law was struck down because it violated the
free speech principles in that country's constitution. The discussion, of
course, is going on.

10. Thou shalt always use a computer in ways that ensure consideration and
respect for your fellow humans – Just like public buses or banks, people
using computer communications systems may find themselves in
situations where there is some form of queuing and you have to wait for
your turn and generally be nice to other people in the environment. The
fact that you cannot see the people you are interacting with does not
mean that you can be rude to them.

Unit 09: Computer and Cybersecurity
The vulnerabilities of a computer system should not be left open for
perpetrators to exploit. We should prevent perpetrators from gaining access to
our computer systems, so that the information presented by those systems is
reliable and not prone to computer fraud and malware.

Computers and the internet have transformed the lives of many people in many
good ways. Unfortunately, this vast network and its associated technologies
also have a number of security threats. It is our duty to protect ourselves from
these threats and attacks. Scammers, hackers and identity thieves are looking
to steal your personal information - and your money.

Computer security is the protection of computer systems and information from
harm, theft, and unauthorized use. Computer hardware is typically protected by
the same means used to protect other valuable or sensitive equipment, namely,
serial numbers, doors and locks, and alarms. The protection of information and
system access, on the other hand, is achieved through other tactics, some of
them quite complex.

Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known
as information technology security or electronic information security. The term
applies in a variety of contexts, from business to mobile computing, and can be
divided into a few common categories.
● Network security is the practice of securing a computer network from
intruders, whether targeted attackers or opportunistic malware.

● Application security focuses on keeping software and devices free of
threats. A compromised application could provide access to the data it's
designed to protect. Successful security begins in the design stage, well
before a program or device is deployed.

● Information security protects the integrity and privacy of data, both in
storage and in transit.

● Operational security includes the processes and decisions for handling
and protecting data assets. The permissions users have when accessing
a network and the procedures that determine how and where data may
be stored or shared all fall under this umbrella.

● Disaster recovery and business continuity define how an organization
responds to a cybersecurity incident or any other event that causes the
loss of operations or data. Disaster recovery policies dictate how the
organization restores its operations and information to return to the same
operating capacity as before the event. Business continuity is the plan
the organization falls back on while trying to operate without certain
resources.

● End-user education addresses the most unpredictable cyber-security
factor: people. Anyone can accidentally introduce a virus to an otherwise
secure system by failing to follow good security practices. Teaching users
to delete suspicious email attachments, not plug in unidentified USB
drives, and various other important lessons is vital for the security of any
organization.

Security is a constant worry when it comes to information technology. Data theft,
hacking, malware and a host of other threats are enough to keep any IT
professional up at night. We’ll look at the basic principles and best practices that
allow users to keep their systems safe. Individuals and companies must employ
the best security measures suitable to their needs to prevent fraudulent
activities.

Figure 02-C: CIA Triad

The goal of information security follows three main principles:
1. Confidentiality is ensuring that information is available only to the
intended audience – An organization obtains or creates a piece of
sensitive data that will be used in the course of its business operations.
Because the data is sensitive, that data should only be able to be seen
by the people in the organization that need to see it in order to do their
jobs. It should be protected from access by unauthorized individuals.
2. Integrity is protecting information from being modified by unauthorized
parties – Integrity involves maintaining the accuracy, consistency and
trustworthiness of data. Data must not be changed whilst at rest or in
transit by unauthorized individuals (which would demonstrate a breach of
confidentiality). Integrity of data is commonly ensured by implementing
security measures such as file permissions and access control models.
Version controls can also be utilized to avoid changes to data made
accidentally by authorized individuals.
3. Availability is ensuring that information is accessible to authorized
parties when they need it – When the individual that needs that piece of
data to perform a job duty is ready to utilize it, it must be readily
accessible (i.e. online) in a timely and reliable manner so the job task can
be completed on time and the company can continue its processing.
Availability means that authorized individuals are able to access their data
whenever they want.

Effectively executing all three principles of the Security Triad creates an ideal
outcome from an information security perspective.

Good Security Practices for Individuals


1. Install anti-virus and anti-malware software
Software may include bugs as discussed in the previous modules. To limit
the vulnerabilities, make sure that the installation instructions for the
software are followed and that the software is acquired legitimately.
Anti-virus and anti-malware software should also be installed and kept up
to date.

2. Use a strong password
Reusing passwords, or having the same password for multiple accounts,
websites, and other systems, makes all of them more vulnerable. Do not save
passwords on websites and devices that are unsecure. Remember to
change your passwords on a schedule to keep them fresh.

3. Log off public computers
Yes, the business centers and cybercafes that offer the use of a computer
system are convenient, but not secure. Since anyone can use them for
anything, they have probably been exposed to viruses, worms, trojans,
keyloggers, and other nasty malware. Should you use them at all? When
using a public area computer, be sure to completely log off when you are
finished using it.

4. Save and Back up
Some events may be inevitable, like hardware failure and virus infection,
so be sure to save every now and then. Also back up information that is
important to you. Make sure to verify that the files you’ve saved can be
easily restored.

5. Limit social network information
Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other
social networks have become an integral part of our online lives. Social
networks are a great way to stay connected with others, but you should
be wary about how much personal information you post. Learn how to
use the privacy and security settings to protect yourself, keep personal
information personal, know and manage your friends, know what to do if
you encounter a problem.

6. Download files legally
Avoid peer-to-peer (P2P) networks and remove any file-sharing clients
already installed on your system. Since most P2P applications have
worldwide sharing turned on by default during installation, you run the
risk of downloading viruses or other malware to your computer, and
having your personal and/or confidential information inadvertently shared
across the Internet, which could lead to identity theft.

7. Keep personal information safe
Do not divulge personal information online if you’re not sure about the
sender or the website. A common fraud, called "phishing", sends
messages that appear to be from a bank, shop or auction, giving a link
to a fake website and asking you to follow that link and confirm your
account details.

8. Lock your computer
Whenever you leave your devices unattended, make sure that they are
locked.

9. Do not click on suspicious links or pop-up notifications
Avoid visiting unknown websites or downloading software from untrusted
sources. These sites often host malware that will automatically install
(often silently) and compromise your computer. If attachments or links in
an email are unexpected or suspicious for any reason, don't click on them;
visit the sender's actual website instead.

10. Keep applications up to date
Turn on automatic updating or make sure that all applications are also up
to date.
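
Practice 4 asks you to verify that backed-up files can actually be restored. The following added example (not part of the original module) shows one way to do that: record a SHA-256 manifest when the backup is taken, then compare a test restore against it. The function names and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored folder against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    common = manifest.keys() & restored.keys()
    return {
        "missing": sorted(set(manifest) - set(restored)),   # lost in the backup
        "changed": sorted(p for p in common if manifest[p] != restored[p]),
        "extra": sorted(set(restored) - set(manifest)),     # not in the original
    }


def restore_is_good(report):
    """A restore passes only if nothing is missing and nothing was altered."""
    return not (report["missing"] or report["changed"])


def demo(corrupt=True):
    """Build constructed sample folders and check a (possibly faulty) restore."""
    with tempfile.TemporaryDirectory() as work:
        original = Path(work, "original")
        restored = Path(work, "restored")
        for base in (original, restored):
            (base / "docs").mkdir(parents=True)
            (base / "docs" / "thesis.txt").write_text("chapter one\n")
            (base / "photo.bin").write_bytes(bytes(range(256)))
            (base / "notes.txt").write_text("buy milk\n")
        manifest = build_manifest(original)

        if corrupt:
            # Simulate a bad restore: one truncated file, one lost, one stray.
            (restored / "photo.bin").write_bytes(bytes(range(128)))
            (restored / "notes.txt").unlink()
            (restored / "stray.tmp").write_text("x")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    report = demo()
    print("restore OK" if restore_is_good(report) else "restore FAILED", report)
```

Keep the manifest somewhere other than the backup itself, so that a damaged or tampered backup cannot also damage the record it is checked against.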

Definition of terms
● Firewall: A firewall is a network security device that monitors incoming
and outgoing network traffic and decides whether to allow or block
specific traffic based on a defined set of security rules.
● Hackers: A hacker is a person who breaks into a computer system. The
reasons for hacking can be many: installing malware, stealing or
destroying data, disrupting service, and more. Hacking can also be done
for ethical reasons, such as trying to find software vulnerabilities so they
can be fixed.
● Threats: A threat is anything that can compromise the confidentiality,
integrity, or availability of an information system.
● Vulnerability: A vulnerability is any weakness in the information
technology (IT) infrastructure that hackers can exploit to gain
unauthorized access to data.

Some of the most common threats to cybersecurity include:
● Malware: This refers to malicious software such as viruses, worms, and
Trojan horses that can infect computers and devices, steal sensitive
information, or damage systems.
● Phishing: This is the practice of sending fake emails or messages that
appear to come from a trustworthy source, such as a bank or a popular
website, in order to trick people into revealing sensitive information.
● Ransomware: This is a type of malware that encrypts a victim's files and
demands a ransom payment in exchange for the decryption key.
● Distributed Denial of Service (DDoS) attacks: These attacks overload a
website or online service with traffic, making it inaccessible to users.
● Insider threats: Current or former employees, business partners,
contractors, or anyone who has had access to any systems or
networks in the past can be considered an insider threat if they abuse
their access permissions.
● Man-in-the-middle attacks: Man-in-the-middle is an eavesdropping
attack, where a hacker/intruder intercepts and relays messages between
two parties in order to steal data.
● Advanced persistent threats (APTs): In an APT, an intruder or group of
intruders sneak into a system and remain undetected for an extended
period. The intruder leaves networks and systems intact to avoid
detection so that the intruder can spy on business activity and steal
sensitive data.
Information security, also known as InfoSec, refers to the processes and
tools designed and deployed to protect sensitive business information from
modification, disruption, destruction, and inspection.

Unit 10: Cybercrime Law
DISCLAIMER: The following material was copied with permission from the GIT
Lecture 9 - Cybercrime Laws in the Philippines.pptx presentation of Atty. Marco
Cunanan from PAO.

A Brief Retrospective View: How It All Started


The I LOVE YOU Worm
● In the year 2000, a Filipino named Onel De Guzman created a worm that
sent messages through email with an attachment:
“LOVE-LETTER-FORYOU.txt.vbs”

● When the attachment is opened, the file activates code that sends an
instruction to forward the same email to all the contacts of the user
● The worm spread to e-mail accounts across the globe – including the US and
Europe – overwhelming the email systems of private and government
organizations, causing them to shut down and resulting in estimated damages
worth millions of USD
● This prompted the FBI to identify the source of the worm, which was then
traced back to the Philippines

“It is not clear whether the author of the virus can even be prosecuted in the
Philippines, where computer use is still uncommon among ordinary citizens and
cyber-crimes are not yet defined in the legal code.”

● Onel De Guzman was eventually arrested by the Philippine government
at the request of the FBI but was released shortly afterwards because
there were NO pre-existing Philippine laws that he violated

Republic Act 8792: Philippine E-Commerce Act Of 2000


The full title of R.A. 8792 is …
AN ACT PROVIDING FOR THE RECOGNITION AND USE OF ELECTRONIC TRANSACTIONS AND
DOCUMENTS, PENALTIES FOR UNLAWFUL USE THEREOF AND OTHER PURPOSES.
NOTE: R.A. 8792 was used to define certain illegal activities concerning the
use of various devices in an effort to provide a legal provision to deter
future actions similar to what Onel De Guzman did

PROVISIONS OF R.A. 8792


Chapter II of R.A. 8792 states the following provisions that are implemented by
this law:

Section 6. LEGAL RECOGNITION OF DATA MESSAGES
● ELECTRONIC DATA MESSAGES such as text messages, e-mails, or any other
similar modes of communication done through electronic means [including
unaltered screenshots] have the same legal validity as physical messages

Section 7. LEGAL RECOGNITION OF ELECTRONIC DOCUMENTS
● ELECTRONIC DOCUMENTS shall have the legal effect, validity or
enforceability as any other document or legal writing.
NOTE: This provision gives soft copies of authentic documents the same legal
validity as physical documents

Section 8. LEGAL RECOGNITION OF ELECTRONIC SIGNATURES
● An ELECTRONIC SIGNATURE on the electronic document shall be
equivalent to the signature of a person on a written document

Chapter III of R.A. 8792 states the following penalties in violation of this law:
Section 33. PENALTIES
The following acts shall be penalized by fine and/or imprisonment:
1. HACKING/CRACKING
● Unauthorized access into a computer system/server or information and
communication system
● Any access with the intent to corrupt, alter, steal, or destroy using a
computer or computer system without the knowledge and consent of the
owner of the system

2. PIRACY
● Unauthorized copying, reproduction, storage, uploading, downloading,
communication, or broadcasting of protected material [..] through the use
of telecommunication networks, e.g. the Internet, in a manner that
infringes intellectual property.

3. Violations against R.A. 7394: The Consumer Act Of The Philippines
● R.A. 7394 was enacted primarily to protect the consumers …
… against hazards to health and safety, and
… against deceptive, unfair and unconscionable sales acts and
practices.

NOTE:
● Penalty for HACKING/CRACKING and PIRACY:
▪ Pay a fine amounting to a minimum of one hundred thousand
pesos (PhP 100,000) and a maximum that is commensurate to the
damage incurred and …
▪ Mandatory imprisonment of 6 months to 3 years.
● Penalty for violations against R.A. 7394 will be the same penalties as provided
by same law which is to pay a fine of PhP 20,000 to PhP 2000,000 and/or
imprisonment of 3 to 6 years

GUIDE QUESTION: R.A. 8792


Does connecting to an open WIFI network (e.g. WIFI with no password), without the
consent of the network owner, constitute a violation of RA 8792?
NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal or
destroy”

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

R.A. 10175 is an act that adopts sufficient powers to effectively prevent and
combat cybercrime offenses by facilitating their detection, investigation, and
prosecution at both the domestic and international levels

R.A. 10175 defines CYBERCRIME as a crime committed with or through the
use of information and communication technologies such as radio, television,
cellular phone, computer and network, and other communication device or
application.

JURISDICTION OF R.A. 10175


Who can be charged with violations of this law?
1. Any violation committed by a Filipino national regardless of the place of
commission.
2. Any of the [cybercrime] elements were committed within the Philippines
or committed with the use of any computer system wholly or partly
situated in the country.

3. When by such commission, any damage is caused to a […] person who,
at the time the offense was committed, was in the Philippines

PROVISIONS OF R.A. 10175


Chapter 2 – Section 4 lists the punishable acts under R.A. 10175

Section 4. CYBERCRIME OFFENSES


The following acts constitute the offense of cybercrime punishable under this
Act:
(a) OFFENSES against the CONFIDENTIALITY, INTEGRITY and
AVAILABILITY (CIA) of COMPUTER DATA and COMPUTER SYSTEMS;
(b) COMPUTER-RELATED OFFENSES; and
(c) CONTENT-RELATED OFFENSES

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and
AVAILABILITY (CIA) of COMPUTER DATA and COMPUTER SYSTEMS

This category of cybercrime includes the following acts:
1. ILLEGAL ACCESS
The access to the whole or any part of a computer system without right.
NOTE:
● “access” is the instruction, communication with, storing/retrieving data
from or use of any resources of a computer system or network
● “without right” means having no consent from the owner of the
computer system
GUIDE QUESTION: R.A. 8792
Does connecting to an open WIFI network (e.g. WIFI with no password), without
the consent of the network owner, constitute a violation of RA 8792?
NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal
or destroy”

Does connecting to an open WIFI network (e.g. WIFI with no password), without
the consent of the network owner, constitute a violation of RA 10175?
YES! Illegal access is to “make use of any resources” without right
(consent)

2. ILLEGAL INTERCEPTION
The interception […] of computer data to, from, or within a computer
system.
NOTE:
● Interception is listening to, recording, monitoring or surveillance of the
content of communications through the use of electronic eavesdropping or
tapping devices at the same time that the communication is occurring

Illegal interception: Man-in-the-Middle Attack

3. DATA INTERFERENCE
The intentional or reckless alteration, damaging, deletion or
deterioration of computer data, electronic document or electronic
data message without right – including the introduction or
transmission of viruses
NOTE:
GUIDE QUESTION: R.A. 10175
Consider the following situation:
▪ A friend sent you a file on a flash drive infected with a virus
▪ Neither of you is aware that the flash drive is infected
▪ After you insert the flash drive in your computer, your computer gets
infected and you lose your documents
Is your friend liable for any violation of RA 10175?
YES! Data interference includes “the intentional or reckless alteration,
damaging, deletion or deterioration of computer data” – even if your friend
has no malicious intent, it is still considered “recklessness” on his/her
part, causing you to lose your file

4. SYSTEM INTERFERENCE
The intentional alteration or reckless hindering or interference with the
functioning of a computer or computer network by inputting,
transmitting, damaging, deleting, deteriorating, altering or suppressing
computer data or program, electronic document, or electronic data
message, without right or authority, including the introduction or
transmission of viruses

NOTE:
● This is more or less an extension of the previous offense whereby the
affected entity is not just data but the whole system

GUIDE QUESTION: R.A. 10175


Consider the same situation in the previous example:
▪ A friend sent you a file on a flash drive infected with a virus
▪ Neither of you is aware that the flash drive is infected
▪ After you insert the flash drive in your computer, your computer
gets infected, you lose all your files and the whole computer system
goes into error
Is your friend liable for any violation of RA 10175?

YES! Although it may be unintentional, data interference and system
interference were committed
● SYSTEM INTERFERENCE EXAMPLE: CRYPTOJACKING or
CRYPTOMINING MALWARE
▪ Refers to software programs and malware components developed to
take over a computer’s resources and use them for cryptocurrency
mining without the user’s explicit permission
▪ When you download through torrent sites like “thepiratebay”, you
basically give them the authority to use your computer’s CPU to “mine”
cryptocurrencies – the reason why downloading a lot of torrent files can
cause your computer to heat up

● SYSTEM INTERFERENCE EXAMPLE: WEBSITE DEFACING

COMELEC website defaced by Anonymous Philippines (March 27,
2016)

5. MISUSE OF DEVICE
The unauthorized use, production, sale, procurement, distribution or
otherwise making available of:
i. A device designed for committing any offenses under this Act
ii. A computer password, access code, or similar data by which […] a
computer system is […] accessed with the intent of committing
any offenses under this act

NOTE:
MISUSE OF DEVICE EXAMPLE: SKIMMING DEVICES and KEYLOGGERS

6. CYBER-SQUATTING
The acquisition of a domain name on the internet in bad faith to profit,
mislead, destroy reputation, and deprive others from registering the
same
It is cyber-squatting if the domain name that was acquired is:
i. Similar, identical or confusingly similar to an existing government-
registered trademark;
ii. In case of a personal name, identical or in any way similar with the
name of a person other than the registrant; and
iii. Acquired without right or with intellectual property interests in it

NOTE:
● CYBER-SQUATTING SAMPLE CASE: MikeRoweSoft.com
▪ In January 2004, Mike Rowe was a grade 12 student who operated a
profitable web design business as a part time job.
▪ He registered the website with the domain name MikeRoweSoft.com
▪ Lawyers from Microsoft asked him to stop using the website and Mike
Rowe complied after an undisclosed settlement with the company

SECTION 4 (b) COMPUTER-RELATED OFFENSES


The following are considered as computer-related offenses:
1. Computer-related FORGERY
There are two ways in which computer-related forgery can be committed:
a. The input, alteration, or deletion of any computer data without right
resulting in inauthentic data with the intent that it be considered or
acted upon for legal purposes as if it were authentic
b. The act of knowingly using computer data which is the product of
computer-related forgery for the purpose of perpetuating a
fraudulent or dishonest design

NOTE:
● COMPUTER-RELATED FORGERY EXAMPLE:
Hacking into the SLU Student Portal to change your grade from 65 to 95
Since NO MONETARY VALUE is involved, this is considered as “forgery” and
not “fraud”

2. Computer-related FRAUD
The unauthorized input, alteration, or deletion of computer data or
program or interference in the functioning of a computer system,
causing damage thereby with fraudulent intent
NOTE:
● The ONLY difference between forgery and fraud is if the damage incurred
has a monetary value.
● COMPUTER-RELATED FRAUD EXAMPLES:
▪ Hacking into a bank’s database and changing your account balance from
PhP 500 to PhP 5,000
▪ Asking people to send you a “prepaid load” by pretending to be a
“relative from abroad”

3. Computer-related IDENTITY THEFT

● The intentional acquisition, use, misuse, transfer, possession,
alteration or deletion of identifying information belonging to another
[person] without right
NOTE:
● COMPUTER-RELATED IDENTITY THEFT EXAMPLE:
Fake social media accounts that have a user profile containing
“identifying information” – like a picture or name – belonging to another
person, with the intention of using it for malicious purposes, such as
pretending to be the actual person

SECTION 4 (c) CONTENT-RELATED OFFENSES


The following are considered as content-related offenses:
1. CYBERSEX
● The willful engagement, maintenance, control or operation – directly
or indirectly – of any lascivious exhibition of sexual organs or sexual
activity, with the aid of a computer system, for favor or consideration
NOTE:
GUIDE QUESTION: R.A. 10175
Assume that two individuals, who happen to be real-life partners, gave their
consent to each other to record their sexual act.
Is this a case of cybersex?

NO! Since both parties consented, and even if these acts are publicly
denounced, they do NOT constitute cybersex since the act is NOT done
for “any favour or consideration” and is without the element of “engagement
in business”
2. CHILD PORNOGRAPHY
● The unlawful or prohibited acts defined and punishable by R.A. 9775:
The Anti-Child Pornography Act of 2009 committed through a
computer system
● This includes any representation – whether visual or audio – by
electronic or any other means of a child engaged or involved in real
or simulated explicit sexual activities
NOTE:
GUIDE QUESTION: R.A. 10175
Are “hentai” clips – sexually explicit Japanese comics or anime – considered as
a violation of this law?
NO … unless the hentai clip itself contains a character which is explicitly
identified as a minor. If so, the said material is prohibited and the
creator/distributor of the said material is liable for violation of this law.

3. ONLINE LIBEL
● Libel is the public and malicious imputation of a crime – real or
imaginary – or any act, omission, condition, status or circumstance
tending to cause the dishonor, discredit, or contempt of a […] person,
or to blacken the memory of the dead

● FOUR ELEMENTS OF LIBEL


a. Allegations of a discreditable act or condition concerning
another;
b. Publication of the charge;
c. The person being defamed is clearly identified; and
d. Existence of malice.
NOTE:
GUIDE QUESTION: R.A. 10175
Assume that someone posted this unfounded claim on social media:

“HEY! MARIA DAVID! YOU ARE A THIEF! YOU AND YOUR MOTHER! THIEVES!
GIVE BACK THE MILLIONS THAT YOU STOLE!”

Did the person who posted commit online libel?
YES! All the FOUR ELEMENTS OF LIBEL are present!
a. FALSE ALLEGATION: YOU ARE A THIEF! YOU AND YOUR MOTHER!
b. PUBLICATION: Allegation was posted on social media
c. PERSON DEFAMED is IDENTIFIED: Maria David and her mother
d. EXISTENCE OF MALICE: Even though unfounded, the post was
published nonetheless

GUIDE QUESTION: R.A. 10175

If you LIKED/REACTED to the post above, are you liable?


NO! LIKING or REACTING may be a sign of approval to the said post but
NO STATEMENT was mentioned – none of the FOUR ELEMENTS OF LIBEL is
present!

If you SHARED the said post, are you liable?


NO! The libelous statement was NOT made by the person who SHARED it!

If you COMMENTED on the said post with “THAT’S RIGHT!”, are you liable?
NO! Similar to LIKING or REACTING, commenting “THAT’S RIGHT!” does not
discredit or make an allegation against Maria David – none of the FOUR
ELEMENTS OF LIBEL is present!
If you COMMENTED on the said post with “THAT’S RIGHT! YOU AND YOUR MOTHER
ARE THIEVES”, are you liable?
YES! This statement is not merely an approval but also states an
allegation towards Maria David and her mother.
This makes the person liable for libel since the comment can be seen
publicly as well.

PRIVACY UNDER THE CIVIL CODE


THE RIGHT TO PRIVACY
This is the right of an individual “to be free from unwarranted publicity, or to live
without unwarranted interference by the public in matters in which the public is
not necessarily concerned.”
GUIDE QUESTION: RIGHT TO PRIVACY
Does the state (i.e. the government) have the right to disturb private individuals in
their homes?
NO! The State recognizes the right of the people to be secure in their houses.
No one, not even the State, except "in case of overriding […] and only under the
stringent procedural safeguards," can disturb them in the privacy of their
homes.

REPUBLIC ACT 386: CIVIL CODE OF THE PHILIPPINES (1950)
THE RIGHT TO PRIVACY
Article 26: Every person shall respect the dignity, personality, privacy and peace
of mind of his neighbors and other persons.

The following and similar acts, though they may not constitute a criminal
offense, shall produce a cause of action for damages, prevention and other
relief:
(1) Prying into the privacy of another's residence;
(2) Meddling with or disturbing the private life or family relations of another;
(3) Intriguing to cause another to be alienated from his friends;
(4) Vexing or humiliating another on account of his religious beliefs, lowly
station in life, place of birth, physical defect, or other personal condition.
GUIDE QUESTION: RIGHT TO PRIVACY
May an individual install surveillance cameras on his own property facing the
property of another? (Hing vs. Choachuy 2013)
NO! A man’s house is his castle, where his right to privacy cannot be denied or
even restricted by others.
It includes any act of intrusion into, peeping or peering inquisitively into the
residence of another without the consent of the latter.
NOTE on the INSTALLATION of CAMERAS:
The installation of surveillance cameras should NOT cover places where there is
reasonable expectation of privacy, unless the consent of the individual – whose
right to privacy would be affected – was obtained.

Sample Case: (Zulueta vs C.A., 1996)


Situation:
• Cecilia entered the clinic of Dr. Martin – her husband – and in the
presence of witnesses, forcibly opened the drawers and cabinet and took
157 documents and papers consisting of greetings cards, cancelled
checks, diaries, and photographs between Dr. Martin and his alleged
paramours.
• The said documents were used as evidence in a legal separation case.
Was the right to privacy of Dr. Martin violated?
YES! In the decision of the court: “A person, by contracting marriage, does not
shed his/her integrity or his right to privacy as an individual and the
constitutional protection is ever available to him or to her.”
The documents and papers are inadmissible as evidence since the way they
were gathered violated the right to privacy of Dr. Martin.

REASONABLE EXPECTATION OF PRIVACY
Also known as the “right to be left alone”, this refers to the right of a person
to “expect privacy” in places and/or situations that the community generally
accepts as “quite reasonable”.

For instance, there are situations in which a person assumes that there is a
reasonable expectation of privacy, such that at that particular moment nobody
can see or hear him/her.
GUIDE QUESTION: REASONABLE EXPECTATION OF PRIVACY
Does an employee have a reasonable expectation of privacy in the workplace?
According to a court decision, an employee has LESS or NO expectation of
privacy in the workplace.
For instance, CCTV cameras may be watching an employee’s every move while
inside the company grounds. The only place where there is reasonable
expectation of privacy is inside the toilet facilities of the company.

REPUBLIC ACT 9995: ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009
Included under the REASONABLE EXPECTATION OF PRIVACY is that any
person believes that:
● He/she could disrobe in privacy, without being concerned that an image
or a private area of the person was being captured;
● The private area of the person would not be visible to the public,
regardless of whether that person is in a public or private place.

GUIDE QUESTION: R.A. 9995


What does “PRIVATE AREA OF A PERSON” include?

The “private area of a person” includes naked or undergarment-clad genitals,
pubic area, buttocks, or the female breast of an individual.

Section 4: PROHIBITED ACTS.


It is hereby prohibited and declared unlawful for any person:
(a) To TAKE photo or video coverage of a person or group of persons
performing sexual act or any similar activity or to capture an image of the
private area of a person without the consent of the person involved and
under circumstances in which the person/s has/have a reasonable
expectation of privacy;
(b) To COPY or REPRODUCE […] such photo or video or recording of (a);
(c) To SELL or DISTRIBUTE […] such photo or video or recording of (a); or
(d) To PUBLISH or BROADCAST […] of (a) through VCD/DVD, Internet,
cellular phones and other similar means or device.

GUIDE QUESTION: PROHIBITED ACTS of R.A. 9995


Will one be liable for the non-commercial copying or reproduction of said photo or
video – e.g. copy or reproduce for free without asking for money?
YES! The mere copying or reproduction of said material will make one liable
under the law regardless of the reason or whether one profits or not from such
act.
If the persons in the photo knew and consented to the video recording or taking of the
photo, can anyone reproduce, distribute, or broadcast it?
NO! The person merely consented to the taking of the photo or the video
recording and did not give written consent for its reproduction, distribution,
and broadcasting.

Section 4: PENALTIES.
The penalties for the commission of any of the prohibited acts above are as
follows:
● Imprisonment of 3 years to 7 years; and
● Fine of Php 100,000.00 to Php 500,000.00

REPUBLIC ACT 10173: DATA PRIVACY ACT OF 2012


PURPOSE
1. PROTECTS THE PRIVACY OF INDIVIDUALS while ensuring free flow
of information to promote innovation and growth.
2. REGULATES the collection, recording, organization, storage, updating or
modification, retrieval, consultation, use, consolidation, blocking, erasure
or destruction of PERSONAL DATA.
3. Ensures that the Philippines COMPLIES WITH INTERNATIONAL
STANDARDS set for data protection.

DEFINITION OF TERMS
1. PERSONAL INFORMATION CONTROLLER (PIC)
The individual, corporation, or body who decides what to do with data.

2. PERSONAL INFORMATION PROCESSOR (PIP)


One who processes data for a PIC. The PIP does not process information
for the PIP’s own purpose.

3. CONSENT OF THE DATA SUBJECT


Any freely given, specific, informed indication of will, whereby the data
subject agrees to the collection and processing of personal information
about and/or relating to him or her.
The agreement must inform:
a. Purpose, nature, and extent of processing;
b. Period of consent/instruction;
c. Rights as a data subject.

4. BREACH
A security incident that:
a. Leads to unlawful or unauthorized processing of personal,
sensitive, or privileged information;
b. Compromises the availability, integrity, or confidentiality of
personal data.

PERSONAL INFORMATION vs SENSITIVE PERSONAL INFORMATION

PERSONAL INFORMATION
Any personal information about a particular individual that can be used in
identifying a person.
This includes, but is not limited to:
• Name
• Phone number
• Address
• E-mail address

SENSITIVE PERSONAL INFORMATION
Any information or opinion about a particular individual that may be used to
harm or discriminate against a person.
This includes, but is not limited to:
• Race or ethnic origin
• Criminal record
• Religious affiliations
• Medical record

PROCESSING OF PERSONAL INFORMATION
The processing of personal information shall be allowed if it adheres to ALL the
following:
1. PRINCIPLES OF TRANSPARENCY
● The data subject must know:
a. What personal data will be collected
b. How the personal data will be collected
c. Why personal data will be collected
● The data processing policies of the PIC must be known to the data
subject.
● The information to be provided to the data subject must be in clear
and plain language.

2. LEGITIMATE PURPOSE PRINCIPLE


● Data must always be collected only for the specific, explicit, and
legitimate purposes of the PIC.
● Data that is not compatible with the purpose [of the data collection]
shall not be processed.

3. PRINCIPLE OF PROPORTIONALITY
● The amount of data collected for processing should be adequate,
relevant, and not excessive in proportion to the purpose of the
data processing.
● Efforts should be made to limit the processed data to the minimum
necessary.

PROCESSING OF SENSITIVE PERSONAL INFORMATION


The processing of sensitive personal information shall be allowed if it adheres
to ONE of the following:
1. The consent of data subject has to be given;
2. The processing is necessary and is related to the fulfillment of a contract
with the data subject or in order to take steps at the request of the data
subject prior to entering into a contract;

3. The processing is necessary for compliance with a legal obligation to
which the PIC is subject;
4. The processing is necessary to protect vitally important interests of the
data subject, including life and health;
5. The processing is necessary in order to respond to national emergency,
to comply with the requirements of public order and safety, or to fulfill
functions of public authority […]; or
6. The processing is necessary for the purposes of the legitimate interests
pursued by the PIC […], except where such interests are overridden by
fundamental rights and freedoms of the data subject […]

RIGHTS OF THE DATA SUBJECT


1. Right to be INFORMED
● This is the right to be informed that your personal data shall be,
are being, or have been processed.
● The disclosure must be made before the entry of the data into the
processing system or at the next practical opportunity

2. Right to OBJECT
● The right to refuse the processing of personal data.
● This includes the right to be given an opportunity to withhold
consent to the processing in case of any changes or any
amendment to the information supplied or declared.
3. Right to ACCESS
● The right to find out whether a PIC holds any personal data about
you.

4. Right to RECTIFICATION
● This involves the right to dispute the inaccuracy or error in the
personal data and have the PIC correct it immediately.
● It also includes access to new and retracted information, and
simultaneous receipt thereof.

● Recipients previously given erroneous data must be informed of
inaccuracy and rectification upon reasonable request of the data
subject.

5. Right to ERASURE OR BLOCKING


● This is the right to suspend, withdraw, or order the blocking,
removal, or destruction of his/her personal information from the
PIC’s filing system
● The right to erase or block can be invoked in the following
circumstances:
◼ There are data which are incomplete, outdated, false, or
unlawfully obtained.
◼ The data was used for unauthorized purposes.
◼ The data is no longer necessary for purposes of collection.
◼ The processing of data was found to be unlawful.
◼ The PIC or PIP violated the rights of the data subject.

6. Right to DAMAGES
● This is the right to receive compensation for any damages
sustained due to inaccurate, incomplete, outdated, false,
unlawfully obtained, or unauthorized use of personal data.
● If there are circumstances where you discovered that your
personal data was mishandled, you have the right to ask for
compensation for the damage it has caused you.

7. Right to DATA PORTABILITY


● The right to obtain a copy of data undergoing processing in [a
commonly used] electronic or structured format that allows for
further use by the data subject.
● Takes into account the right to have control over personal data
being processed based on consent, contract, for commercial
purposes, or through automated means.

8. Right to FILE A COMPLAINT


● The right to file a complaint in circumstances wherein the PIC or
the PIP has breached the privacy of the data subject

GUIDE QUESTION: R.A. 10173
May a teacher/professor search the contents of a student’s cellular phone?
NO! Any search through a student’s cellular phone without justification under a
law or regulation is UNLAWFUL, and may be considered as “unauthorized
processing of data”.
However, there are exceptions:
• If it was done with the student’s consent [except if the student is a minor]
• If it is required by the student’s life and health, or by national emergency.

Is an implied (indirect) form of consent valid?


Example:
“By continuing to avail of xxx products and services, you explicitly
authorize xxx, its employees, duly authorized representatives,
related companies and third-party service providers, to use, process
and share personal data needed in the administration of your xxx”

NO! Consent under the Data Privacy Act has three requirements, none of which
is met by implied consent:
• Consent must be freely given;
• Details about what consent is being asked must be specific; and
• There must be an informed indication of will.

Are handwritten signatures considered sensitive personal information?

NO! It is possible that one may share a similar signature as another person.
Moreover, some signatures do not, in any way, show signs of identity of a
person.
However, these may be considered personal information when used to identify
an individual such as a signature affixed on the name of a person.
Are usernames, passwords, IP and MAC addresses, location cookies, and birthdays
(month and day only) considered personal information?
YES!*
* Only when they are combined with other pieces of information that may allow
an individual to be distinguished from others.

PROHIBITED ACTS OF R.A. 10173


1. Unauthorized processing of personal information and sensitive personal
information
Process (sensitive) personal information without the consent of the data
subject or without being authorized under the Data Privacy Act or any
other law.

2. Accessing personal information and sensitive personal information due
to negligence
Provided access to (sensitive) personal information due to negligence or
was unauthorized under the Data Privacy Act or any existing law.

3. Improper disposal of (sensitive) personal information


Negligently dispose, discard or abandon the (sensitive) personal
information of an individual in an area accessible to the public or placed
the (sensitive) personal information of an individual in a container for
trash collection.

4. Processing of personal information and sensitive personal information for
unauthorized purposes
Process personal information for purposes not authorized by the data
subject or not otherwise authorized by the Data Privacy Act or under
existing laws.

5. Unauthorized access or intentional breach


Knowingly and unlawfully violate data confidentiality and the security of data
systems where personal and sensitive personal information is stored.

6. Malicious disclosure
Discloses to a third party unwarranted or false information with malice or
in bad faith relative to any (sensitive) personal information obtained by
such PIC or PIP.

Unit 11: Security Controls


Security controls are a set of procedures and technological measures that
ensure the secure and efficient operation of information systems within an
organization. They comprise both general and application controls for
safeguarding information. These control activities are applied throughout an
organization. The most important general controls are the measures that
control access to computer systems and to the information stored in them or
transmitted over telecommunication networks. General controls include
administrative measures that restrict employee access to only those processes
directly relevant to their duties, thereby limiting the damage an employee
can do.

IT security is about protecting things that are of value to an organization.
Security controls exist to reduce or mitigate the risk to those assets. They
include any type of policy, procedure, technique, method, solution, plan, action,
or device designed to help accomplish that goal. Recognizable examples
include firewalls, surveillance systems, and antivirus software.

There are two ways to classify controls in an organization: by type – physical,
technical, or administrative – and by function – preventive, detective, and
corrective.

Control Types
● Physical Controls – Describes anything tangible that’s used to prevent or
detect unauthorized access to physical areas, systems, or assets. This
includes gates, access cards, CCTVs, and motion sensors.
● Technical Controls – (also known as logical controls) Includes hardware
or software mechanisms used to protect assets. Common examples are
authentication solutions, firewalls, and antivirus software.
● Administrative Controls – Refers to policies, procedures, or guidelines
that define personnel or business practices in accordance with the
organization's security goals. These can apply to the hiring and
termination of employees, equipment and Internet usage, separation of
duties, and auditing.

Control Functions
● Preventive Controls – Any security measure that is designed to prevent
or stop malicious activity from happening. These can be fences, alarms,
and antivirus software.
● Detective Controls – Any security measure taken or implemented to
detect and alert to unwanted or unauthorized activity in progress or
after it has occurred. Examples include alerting guards or notifications
from a motion sensor.
● Corrective Controls – Any measures taken to repair damage or restore
resources and capabilities following an unauthorized or unwanted
activity. This may include rebooting the system, or terminating a process,
or quarantining a virus.

CONTROL FUNCTIONS

| Control Type | Preventive | Detective | Corrective |
|---|---|---|---|
| Physical | Fences, gates, locks | CCTV and surveillance camera logs | Repair physical damage, re-issue access cards |
| Technical | Firewall, IPS, MFA solution, antivirus software | Intrusion detection systems, honeypots | Patch a system, terminate a process, reboot a system, quarantine a virus |
| Administrative | Hiring and termination policies, separation of duties, data classification | Review access rights, audit logs, and unauthorized changes | Implement a business continuity plan or incident response plan |
Table 02-A: Examples of Control Functions and Types

GRADED ACTIVITY 2

Part 1: Unit 3 (10 pts)


1. What use does the internet have for you? Explain in 3-5 sentences.
2. If you have a phone, a laptop, or any similar kind of technology, which 2
apps or software do you use often to be more productive? Explain in no
more than 3 sentences each how you think these apps or software work
and what makes them useful for you.
Part 2: Unit 3 (15 pts)
1. Information is commonly referred to as processed data, data being the
raw material. The key factor here is that data needs to undergo certain
processes before it becomes information. With this in mind, give 5
examples of data being transformed into information. Present your work
in a creative and concise output that organizes the data, the process it
will undergo, and the resulting information.

2. Think of any business around you (your bank, convenience store, etc.)
and identify ways on how you think they can be more productive. Explain
in 3-5 sentences.
Part 3: Unit 3 (5 pts)
1. Computers perform many jobs that previously were performed by people.
Will computer-based transactions and expanded e-commerce eventually
replace person-to-person contact? From a customer’s point of view, is
this better? Why or why not?
2. What types of information systems might a large company use?

Part 4: Unit 4 (10 pts)


Solve the following problem applying the method used in the video uploaded in
your powerpoint presentation. You may check: Lesson 07 Video 01 Payback
period
Problem. Assume the following cash flows for 2 projects, with the cash flows
occurring at the end of the year. Find the payback period for both projects.
Year Project 1 Project 2

0 -1000 -1000
1 600 100
2 400 400
3 200 600
4 200 600
5 100 700
Solution:

Part 5: Unit 5 (15 pts)

Content marketing can be a very hectic mess unless you organize it into clear
business processes. Consider the following process:
• The content writer takes up & finishes the first draft of an article. Includes
descriptions of any custom images that are to be used in the article
• The marketer gathers influencer contact information, to be used for advertising
and marketing once the article is done
• The editor proof-reads the article, makes points on grammar, style, spelling, etc.
• The designer creates custom images as asked, sending them over to the
content writer
