Module in Information Management System


JULIE FE U. TABON
MAED-1E

Information Management System Page 1


OVERVIEW OF THE MODULE

Purpose of the Module

The competencies presented in this module are primarily designed to equip the
student with the knowledge necessary to understand and appreciate
information management systems, specifically digital safety and digital
security.

The main purpose of this module is to provide background and the necessary
measures that can be taken to protect oneself from being vulnerable to digital
attack.

Title and Description

This module, titled Information Management System, covers the following
digital safety and security competencies: administrative control, technical or
logical control, and physical control, as well as countermeasure or safeguard
procedures.

Module Guide
This module focuses on major topics such as conducting digital safety and
security concept testing and documentation, the elements of IT security, and
the relation between the information security principles.

Module Outcomes
It is believed that once a student has attained an understanding of the
competency, the student is capable in the following areas of expertise in
digital safety and security.

Module Requirements
As a final requirement of this module, students have to be able to answer the
questions provided in each subsequent topic within the time allotted to them.
After completion of this module, the learners must submit a “Video”
highlighting competency in the following controls: administrative, technical or
logical, and physical, as well as the countermeasure or safeguard procedures.

Module Parts
This module consists of the following parts: intrusion triangle, security
terminology, physical security control, and preventing accidental compromise
of data. These encompass all the lessons covered in this module.

Pre Assessment
Before we begin with our lessons, let us assess your knowledge on the
topic provided herein.

1. With the many types of electronic communication, which is the best for
regular entries, commentaries, and most like an on-line diary?
A. Discussion Board
B. Blog
C. Chat Room
D. Podcast
2. Real-time conversations and group on-line discussion needs are best
served by:
A. Discussion Boards
B. Blogs
C. Chat Rooms
D. Podcasts

3. What is the term for an on-line digital media file that can be audio or
video and does not require a media player only a computer with Internet
access?
A. Blog
B. Chat Room
C. Discussion Board
D. Podcast

4. Which of the following information types are the MOST dangerous to disclose?
A. Your first name
B. Your birth date
C. Your hair color
D. Your social security number

5. A cyber bully uses all of the following on-line methods to intimidate EXCEPT:
A. On-line yelling—typing all uppercase
B. Fraudulent or malicious information posted to a webpage, blog, or other format
C. Pushing, hitting, screaming in person
D. Posting fake, misleading, or demeaning pictures of the victim

6. The “s” in https:// reveals that the site is:
A. Similar to http://
B. Sentinel software
C. Secure and protected
D. Susceptible to virus attacks

7. Identity Theft impacts individuals in all of the following ways EXCEPT:
A. Credit and criminal records
B. Financial records and bank accounts
C. Personal information
D. Pet names

8. Spyware tracks and monitors individual user habits through the use of:
A. Cookies
B. Cache
C. Scripts
D. Tags

9. Netiquette is BEST defined as:
A. Internet etiquette
B. Internet accessibility
C. Network knowledge
D. Good manners

10. E-mail is not confidential. Which of the following notations in an e-mail
header indicates that a copy has been sent without that person’s knowledge?
A. BC
B. BCC
C. CC
D. CCC

MY ANSWERS

1. B. Blog
2. C. Chat Rooms
3. D. Podcast
4. D. Your social security number
5. C. Pushing, hitting, screaming in person
6. C. Secure and protected
7. D. Pet names
8. A. Cookies
9. A. Internet etiquette
10. B. BCC

Key Terms

Botnet - a software application or script that performs tasks on command,
allowing an attacker to take complete control remotely of an affected
computer.
Breach - when a hacker successfully exploits a vulnerability in a computer
or device and gains access to its files and networks.
Cloud - technology that allows us to access our files and/or services
through the internet from anywhere in the world.
DDoS - an acronym that stands for distributed denial of service, a
form of cyber attack. This attack aims to make a service
such as a website unusable by ‘flooding’ it with malicious
traffic or data.
Encryption - a process of encoding data to prevent theft by ensuring the
data can only be accessed with a key.
Ransomware - a form of malware that deliberately prevents you from
accessing files on your computer, holding your data hostage.
Rootkit - malware that allows cybercriminals to remotely control
your computer.
Software - programs that tell a computer to perform a task.
Spyware - malware that functions by spying on user activity without
their knowledge.
White Hat/Black Hat - White hat: breaches the network to gain
sensitive information with the owner’s consent, making it
completely legal. This method is usually employed to test
infrastructure vulnerabilities. Black hat: hackers who break
into networks to steal information that will be used to
harm the owner or the user without consent. It is entirely
illegal.

Introduction to Intrusion Triangle

This section gives an overview of conducting Intrusion Triangle testing and
documentation, the elements of IT security, and the relation between the
information security principles.

Intended Learning Outcomes

At the end of this section, the students should be able to:

1. Explain the concepts of the Intrusion Triangle;
2. Draw their own security concept;
3. Explain how to keep information safe and secure from unauthorized
access, use, disclosure, disruption, modification and destruction.

Let’s Begin!
Watch a documentary about ‘Zero Days’.
https://www.youtube.com/watch?v=PJBBRUraKgo

STUXNET: The Virus that Almost Started WW3
https://www.youtube.com/watch?v=7g0pi4J8auQ

Anatomy of an Attack - Zero Day Exploit
https://www.youtube.com/watch?v=-BIANfzF43k

Think and Reflect

Answer the following questions:

1. What is the documentary ‘Zero Days’ all about?
ANS:
The documentary 'Zero Days' is a film directed by Alex Gibney that
explores the world of cyber warfare and the Stuxnet computer virus.
It delves into the covert operation by the United States and Israel to
develop and deploy the Stuxnet virus, which was designed to
sabotage Iran's nuclear program. The documentary investigates the
implications of cyber warfare, the potential for global cyber
conflicts, and the secrecy surrounding government-sponsored
cyber-attacks.

2. What is the significance of the documentary ‘Zero Days’ to digital safety
and security?
ANS: The documentary 'Zero Days' is significant to digital safety and
security because it sheds light on the capabilities and dangers of
cyber weapons and state-sponsored cyber attacks. It raises
awareness about the vulnerabilities of critical infrastructure
systems, the potential for destructive cyber warfare, and the need
for robust cybersecurity measures. It emphasizes the importance of
understanding and addressing the evolving threats in the digital
realm to safeguard national security, privacy, and individual safety.

3. What is Intrusion Detection and what is its significance to safety and
security?
ANS: Intrusion Detection is the process of monitoring computer
systems or networks for unauthorized access, malicious activities,
or security breaches. It involves analyzing network traffic, system
logs, and other indicators to identify potential threats or intrusion
attempts. Intrusion Detection Systems (IDS) can be either host-based
or network-based, and they play a crucial role in detecting
and responding to security incidents.

The significance of Intrusion Detection to safety and security lies in
its ability to detect and alert on potential attacks or unauthorized
activities. It helps organizations identify and respond to security
incidents promptly, minimizing the potential damage caused by
malicious actors. By deploying Intrusion Detection Systems,
organizations can strengthen their overall security posture and
enhance their ability to protect sensitive data, systems, and
networks.

4. What is the relationship of a Secure System to digital safety and security?
ANS: A Secure System refers to a computer system or network that
has implemented appropriate security measures to protect against
unauthorized access, data breaches, and other security threats. It
encompasses various elements such as secure software development
practices, robust access controls, encryption mechanisms, regular
security updates and patches, and ongoing monitoring and incident
response capabilities.
The relationship between a Secure System and digital safety and
security is crucial. A Secure System forms the foundation of
effective cybersecurity, providing the necessary safeguards to
protect against cyber threats. It helps mitigate risks, maintain data
confidentiality and integrity, and ensure the availability and
reliability of critical systems and services. By implementing secure
systems, individuals, organizations, and governments can reduce
vulnerabilities, prevent unauthorized access, and safeguard against
cyber-attacks.

5. Explain who is vulnerable to Digital safety and Security based on the
documentary.
ANS: The documentary 'Zero Days' highlights that everyone is
vulnerable to digital safety and security threats. The Stuxnet virus,
explored in the documentary, targeted a specific nation's nuclear
program, but the potential for cyber attacks extends beyond
governments and critical infrastructure. Individuals, businesses,
organizations, and governments worldwide face risks from hackers,
state-sponsored attacks, cybercriminals, and other malicious actors.
The documentary emphasizes that vulnerabilities exist in various
systems and networks, including personal computers, mobile

Information Management System Page 8


devices, internet-connected devices, and critical infrastructure. It
underscores the need for individuals and organizations to be
vigilant, adopt strong security measures, and stay informed about
evolving threats to protect themselves from digital safety and
security risks.

6. Explain the ways to protect your Digital presence from Hackers and
Cyber-attacks based on the documentary.
ANS: The documentary 'Zero Days' offers insights into protecting
your digital presence from hackers and cyber-attacks. Based on the
documentary, here are some ways to enhance your digital security:
Keep software and devices updated with the latest security patches.
Use strong and unique passwords for all online accounts and consider using a password manager.
Be cautious of suspicious emails, attachments, and links, as they may contain malware.
Enable two-factor authentication for added security.
Regularly back up important data to a secure location.
Use reputable antivirus and anti-malware software.
Be mindful of the information you share online and on social media platforms.
Educate yourself about phishing attacks and other social engineering techniques.
Be cautious when connecting to public Wi-Fi networks and use a virtual private.
7. Why is it important for us to protect ourselves from security threats?
ANS:
It is important for us to protect ourselves from security threats for
several reasons. First, our personal safety can be compromised as
cybercriminals can steal personal information, leading to identity
theft and potential physical harm. Second, protecting ourselves
maintains our privacy and prevents unauthorized access to our
devices and sensitive information. Third, security threats can result in
financial loss through theft or unauthorized transactions. Fourth,
safeguarding against security threats ensures the integrity and
availability of our data. Fifth, a security breach can damage our
reputation and erode trust. Lastly, protecting ourselves contributes to
national security by preventing attacks on critical infrastructure and
sensitive government systems. Overall, protecting ourselves from
security threats is crucial for personal safety, privacy, financial
security, data protection, reputation, and national security.

Let’s Level-up!

1. Watch “Introduction to Intrusion Detection” on YouTube.
2. Download “Digital Safety and Security: Teacher’s Perspective”, a
presentation slide, from our LMS.
3. Watch the video clip “Sign of your computer has been hacked” on
YouTube.
4. Download ‘Network Security’, a presentation slide, from our LMS.

Let’s Do IT

Task 1. Based on what you have learned in the video and presentation slides,
draw your own safety and security concept and state your precautionary
measures.

Note: you can use separate paper and paste it here.
Describe each level of the safety and security concepts you drew above and
relate it to any organization/department you identify and choose.

Digital safety and security are important topics in education. Schools can
take several steps to ensure the safety of their students online. Some of
these steps include taking ownership at a senior level, establishing a
strong online perimeter, updating content filters constantly, establishing
solid access control policies, checking third party providers thoroughly,
ensuring secure configuration and patch management, monitoring and
incident management, investing in cybersecurity and online safety
education, creating RUPs, filtering and blocking inappropriate content,
promoting digital citizenship through instruction on how to stay safe
online, establishing clear safety and security policies, assessing school
processes from time to time, documenting, investigating and reporting to
relevant personnel any suspicious incident at school, mandating carrying
of ID cards, training on safety and security, installing a central security
system and issuing access cards to restricted areas.
Note: you can use separate paper and paste it here.

Task 2. How do you apply digital safety and security concepts in an
organization? Explain your answer comprehensively.

Organizations can apply digital safety and security concepts in
several ways to protect their data and systems from cyber threats.
Some tips to ensure that an organization does not fall victim to data
security breaches include crafting an Information Security
Management System (ISMS) by creating a data security policy,
establishing a “digital safe place” for verified data, fortifying security
on all company devices, investing in robust data security technology,
and adhering to the GDPR rules.

An ISMS can help an organization establish policies, processes, and
protocols to manage the risks and vulnerabilities of its data
management. It can also ensure that the organization’s data security
efforts are aligned with its data policy guidelines. A digital safe
place can be a corporate file server, a secure cloud storage solution,
or even an encrypted flash drive. Employees should be reminded that
data not stored in this safe place is considered vulnerable to a

Digital Safety and Security Terminology
This section introduces the digital safety and digital security
terminology of information management systems in relation to
basic security concepts.

Intended Learning Outcomes

At the end of this section, the students should be able to:

1. Identify the basic digital safety and security terminology;
2. Describe the relationships and interaction of each security term with the
information management system;
3. Explain the benefits and importance of safety and security terminology to
security concepts;
4. Give at least 10 examples of safety and security terminology of an
information management system.

Let’s Begin
Watch the video clip about ‘Digital Safety and Security Terminology’ on
YouTube.

Think and Reflect

Answer the following questions:

1. List down 10 different safety and security terms you learned from
watching the video clip from YouTube.

TERMINOLOGY - MEANING

Malware - Short for malicious software, malware is any type of harmful
software designed to damage or disrupt a computer system.

Phishing - The fraudulent attempt to obtain sensitive information such as
usernames and passwords by posing as a legitimate person or entity.

DDoS Attack - A Distributed Denial of Service attack is an attempt to make an
online service unavailable by overwhelming it with traffic from multiple
sources.

Ransomware - A type of malware that encrypts a victim’s files, holding them
hostage unless the victim pays a ransom for their decryption.

Botnet - A network of private computers infected with malicious software and
controlled as a group without the owners’ knowledge.

Zero-Day Attack - An attack that exploits a previously unknown vulnerability
in a computer application, meaning that the attack occurs on “day zero” of
awareness of the vulnerability.

Encryption - The process of converting information or data into a code,
especially to prevent unauthorized access.

Firewall - A network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules.

Access Control - Ensures that resources are only granted to those users who
are entitled to them.

Antivirus Software - A program or set of programs that are designed to
prevent, search for, detect, and remove software viruses, and other malicious
software like worms, trojans, adware, and more.

2. Describe some relationships among the different security terms as to
security concepts.

Many of the different security terms are related to each other
in terms of the overall concept of digital safety and security. For
example, malware, phishing, DDoS attacks, ransomware, and botnets
are all types of cyber threats that can compromise the security of a
computer system or network. Encryption, firewalls, access control,
and antivirus software are all tools and techniques used to protect
against these threats. The relationship between these different security
terms is that they all play a role in protecting against cyber
threats and ensuring the safety and security of digital systems and
data. Overall, these different security terms are all related to
the concept of digital safety and security and play an important role
in protecting against cyber threats.

Let’s Level-up!
1. Watch a video clip about ‘Common safety and security terminology’ on
YouTube.
2. Watch a video clip about ‘Digital Information safety’ and ‘Digital Security
Management’ on YouTube.
3. Watch a video clip about ‘Security Made Simple: New Security and
Connectivity Solutions’.

Let’s do IT

Task 1.

1. Based on the video clips you watched about ‘Digital Information safety’
and ‘Digital Security Management’, what are the components of digital
safety governance needed in order to have an effective digital security
program?

Digital safety governance refers to the policies, processes, and
protocols put in place to manage the risks and vulnerabilities
associated with digital data management. In order to have an
effective digital security program, an organization must establish
clear accountability for digital strategy, policy, and standards. Some
components of digital safety governance may include a digital
strategy, digital policy, digital standards, digital guidelines, digital
processes, and a digital team structure. These components work
together to enable employees and the organization as a whole to build
and maintain a safe and secure digital presence.

Note: Do you agree/disagree that establishing and maintaining clear
policies, standards and procedures is one of the key factors in having a
successful digital safety and security program?

Task 2.
1. What have you learned from the video clip ‘Security Made Simple: New
Security and Connectivity Solutions’? Discuss your insight and the
practicability of its solution to real-life scenarios in terms of digital
safety and security.
“New Security and Connectivity Solutions” appears to be a webinar by
Cisco Meraki that discusses their recent security feature enhancements
that simplify the management experience for large,
dispersed networks with common policy requirements.
Cisco Meraki is launching its biggest cross-product
security solutions to help create a simple and secure
digital workplace. In terms of the practicability of its
solutions to real-life scenarios in terms of digital safety
and security, it seems that Cisco Meraki’s solutions aim
to make it easier for companies to prevent data breaches and protect
their digital assets. By simplifying the management experience and
providing cross-product security solutions, Cisco Meraki’s solutions could
help companies create a more secure digital workplace.

Physical Security Control


This section introduces the concept of physical security control in the
information management system.

Intended Learning Outcomes

At the end of this section, the students should be able to:

1. Draw and explain the phases of security control;
2. Explain the importance of security access and control;
3. Enumerate some factors that disrupt physical security and control.

Let’s Begin
Watch the movie ‘Eagle Eye’.

Think and Reflect

Answer the following questions:

1. Why is it necessary to have a physical security control in place in the
movie ‘Eagle Eye’?
In the movie 'Eagle Eye,' it is necessary to have physical security
controls in place because they provide a tangible barrier against
potential threats and intrusions. Physical security controls help
protect sensitive information and ensure the safety of individuals
and critical assets. By implementing measures such as access
control systems, surveillance systems, and security personnel, the
movie emphasizes the importance of physical security in preventing
unauthorized access, detecting suspicious activities, and
maintaining overall security within the facility.

2. What are the categories of physical security control in the movie?
The movie 'Eagle Eye' showcases different categories of physical
security controls. These include access control, which regulates
entry to secure areas using key cards, biometric authentication, and
security guards. Perimeter security is also depicted through the use
of fences, walls, gates, and surveillance systems to secure the
boundaries of the facility. Additionally, the movie highlights the
role of surveillance systems, such as cameras, sensors, and alarms,
in monitoring and recording activities within the facility. Lastly, the
presence of security personnel demonstrates the importance of
physical security controls involving trained personnel who enforce
security measures, conduct patrols, and respond to security
incidents.

3. Explain why administrative physical security control is important in the
movie.
Administrative physical security controls are crucial in the movie as
they establish policies, procedures, and protocols to ensure effective
physical security. These controls include security policies that
outline guidelines for employees, visitors, and contractors regarding
physical security practices. The movie also emphasizes the
significance of security training and awareness to educate
individuals about their roles, emergency procedures, and
compliance with security protocols. Incident response and
management procedures are portrayed to handle security breaches
and emergencies effectively. Additionally, the movie highlights the
importance of visitor management procedures to monitor and
control access by implementing registration, identification, and
escorting processes.

4. Discuss the technical physical security control and its significance to
network security in the movie.
In the context of network security in the movie 'Eagle Eye,'
technical physical security controls play a significant role. The
movie showcases the use of intrusion detection systems (IDS) that
monitor network traffic and identify potential threats or suspicious
activities. Firewalls are depicted as crucial components, acting as a
barrier between internal and external networks to block
unauthorized access and protect against network-based attacks.
Video analytics software is shown to analyze surveillance footage,
detecting anomalies or unauthorized activities. Network
segmentation is also highlighted, dividing the network into isolated
segments to limit the impact of security breaches and restrict
lateral movement for attackers.

5. Design your own idea about physical security that will reinforce the
physical security in the movie.
To reinforce the physical security in the movie 'Eagle Eye,' an
additional idea could involve implementing biometric
authentication systems to enhance access control. By
integrating fingerprint or iris scanners, the facility can ensure
that only authorized personnel can enter restricted areas,
reducing the risk of unauthorized access. Furthermore,
establishing highly secure data centers with strict access
controls, redundant power and network connectivity, and
advanced environmental monitoring systems would protect
critical information and infrastructure. Integrating a threat
intelligence platform that continuously gathers and analyzes
information about emerging threats would enable proactive
measures to prevent potential attacks. Additionally, installing
advanced physical intrusion detection systems, such as laser or
motion sensors, would provide an extra layer of security to
detect and deter unauthorized entry. Conducting periodic red
team exercises would allow the facility to simulate real-world
attacks, identifying vulnerabilities and improving overall
physical security readiness.

Let’s Level-up

Watch the following video clips about ‘Physical Security Control’ on
YouTube:

1. Physical security
2. Security access control
3. Basics of access control
4. Access control model
5. Implementing effective physical security countermeasures.

Let’s do IT

Task 1. Draw a diagram that describes how to properly conduct physical
security control.

Note: you can use separate paper and paste it here.

Task 2. Download ‘Introduction to Information Security Management’ and
create an effective security access control.

To create effective security access control, an organization can take
several steps such as:

Conducting a risk assessment to identify potential threats and
vulnerabilities.

Developing and implementing an access control policy that defines
who has access to what information and under what conditions.

Implementing technical controls such as user authentication and
authorization mechanisms to enforce the access control policy.

Monitoring and auditing access to sensitive information to ensure
compliance with the access control policy.

Regularly reviewing and updating the access control policy to ensure
it remains effective in addressing new threats and vulnerabilities.

Task 3. What are the Basics of access control? Discuss comprehensively.

Access control refers to the selective restriction of access to a place or
resource. The goal of access control is to ensure that only authorized
individuals have access to certain resources or areas. There are several
basic components of access control, including identification,
authentication, authorization, and accountability. Identification is the
process of verifying the identity of a user, typically through the use of
unique identifiers such as usernames or ID cards. Authentication is the
process of verifying that a user is who they claim to be, typically through
the use of passwords, biometric data, or security tokens. Authorization is
the process of determining whether a user has permission to access a
particular resource or area. Accountability is the process of tracking and
recording user activity to ensure compliance with security policies and to
enable auditing and forensic analysis in the event of a security breach.
Overall, access control is an essential component of information security,
as it helps ensure that only authorized individuals have access to
sensitive information and resources.
Note: you can use separate paper and paste it here.
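
The four components named in the answer above (identification, authentication, authorization, accountability) can be seen working together in one short program. This is an added example, not part of the original module; the usernames, role names, permission strings and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample policy: which permissions each role holds.
POLICY = {
    "registrar": {"grades:read", "grades:write"},
    "teacher": {"grades:read"},
}

PBKDF2_ROUNDS = 200_000  # illustrative work factor (assumption); tune per hardware


def derive(password: str, salt: bytes) -> bytes:
    """Turn a password into a salted verifier so plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccessController:
    def __init__(self, policy):
        self.policy = policy
        self.users = {}       # username -> (salt, verifier, role)
        self.audit_log = []   # accountability: every decision is recorded
        # Used for unknown usernames so both failure paths do the same work.
        self._dummy = (os.urandom(16), os.urandom(32), None)

    def register(self, username, password, role):
        if role not in self.policy:
            raise ValueError(f"unknown role: {role}")
        salt = os.urandom(16)
        self.users[username] = (salt, derive(password, salt), role)

    def _audit(self, username, permission, outcome):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": username,
            "permission": permission,
            "outcome": outcome,
        })

    def request(self, username, password, permission):
        """Run one access request through all four stages."""
        # 1. Identification: the caller claims an identity by username.
        known = username in self.users
        salt, verifier, role = self.users.get(username, self._dummy)

        # 2. Authentication: prove the claim, comparing in constant time.
        matches = hmac.compare_digest(derive(password, salt), verifier)
        if not (known and matches):
            self._audit(username, permission, "denied:authentication")
            return False

        # 3. Authorization: default deny unless the role holds the permission.
        if permission not in self.policy[role]:
            self._audit(username, permission, "denied:authorization")
            return False

        # 4. Accountability: successful access is logged as well as failures.
        self._audit(username, permission, "granted")
        return True


def demo():
    """Constructed scenario; returns the (user, outcome) audit trail."""
    ac = AccessController(POLICY)
    ac.register("teacher01", "correct horse battery", "teacher")
    ac.register("registrar01", "another long passphrase", "registrar")
    ac.request("teacher01", "correct horse battery", "grades:read")
    ac.request("teacher01", "correct horse battery", "grades:write")
    ac.request("teacher01", "wrong password", "grades:read")
    ac.request("unknown", "anything", "grades:read")
    ac.request("registrar01", "another long passphrase", "grades:write")
    return [(e["user"], e["outcome"]) for e in ac.audit_log]


if __name__ == "__main__":
    for user, outcome in demo():
        print(f"{user:12} {outcome}")
```

An unknown username and a wrong password produce the same outcome, so the caller cannot tell which usernames exist, while the audit trail still records who asked for what.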
Task 4. How to Implement an effective physical security countermeasure?

To implement effective physical security countermeasures, an organization
can take several steps, including:

Conduct a risk assessment: Identify potential threats and vulnerabilities
to the physical security of the organization.

Develop a security plan: Based on the risk assessment, develop a plan to
address the identified threats and vulnerabilities.

Implement security measures: Implement physical security measures
such as surveillance cameras, access control systems, and security
personnel to monitor and restrict access to sensitive areas.

Train employees: Train employees on security protocols and procedures
to ensure they understand their role in maintaining physical security.

Conduct regular audits: Conduct regular audits to assess the
effectiveness of physical security measures and identify any areas for
improvement.

Task 5. Watch a video clip about ‘Cisco Meraki – how to use the dashboard’
https://www.youtube.com/watch?v=ERMzSrDALFs
Discuss what you have learned from the video clip and what its
significance is to real-life solutions in information management systems.

The video about Cisco Meraki showcases its cloud-managed network
infrastructure solution, emphasizing its key features and benefits. The
significance of Cisco Meraki in real-life information management systems is
profound. It offers centralized management, allowing administrators to
efficiently configure, monitor, and troubleshoot network devices from a single
dashboard. This streamlined approach saves time and enhances operational
efficiency. The platform also provides enhanced visibility and control, enabling
administrators to gain insights into network performance, user behavior, and
application usage. This empowers informed decision-making and optimization
of information management systems. Additionally, Cisco Meraki offers
scalability and flexibility, accommodating the evolving needs of organizations. It
simplifies security measures with built-in protocols and centralized policy
enforcement, bolstering the protection of information systems. Remote
accessibility and monitoring capabilities further enable prompt response to
network issues. Overall, Cisco Meraki plays a vital role in simplifying network
management, improving visibility, ensuring security, and enhancing overall
performance in real-life information management systems.

Preventing Accidental Compromise of Data

This section presents how to prevent accidental compromise of data.



Intended Learning Outcomes
At the end of this section, the students should be able to:

1. Explain the concepts in preventing accidental compromise of data;

2. Explain how to avoid accidental compromise of data; and

3. Draw/illustrate a plan for preventing accidental compromise of data.

Let’s Begin
Download the presentation slides on ‘IT Security Threats Vulnerabilities
and Countermeasures’ from BiPSU-LMS under our subject Information
Management System.

Think and Reflect

Answer the following questions:

1. What is digital safety and security?

Digital safety and security refers to the measures taken to protect against
threats to the confidentiality, integrity, and availability of digital information
and systems. This can include measures such as using strong passwords,
updating software regularly, and being cautious when opening emails or clicking
on links from unknown sources.

2. What are the strategies to help students consistently keep digital safety in
the forefront of their minds?

To help students consistently keep digital safety in the forefront of their minds,
educators can implement several strategies such as incorporating digital safety
education into the curriculum, providing students with resources and tools to
help them stay safe online, and encouraging open communication about digital
safety concerns.

3. What are the signs your computer has been hacked?

Some signs that your computer may have been hacked include unusual pop-ups
or error messages, slow performance, changes to your homepage or search
engine, unfamiliar programs starting up when you turn on your computer, and
unexpected changes to your files or settings.



4. Who is vulnerable to attacks?

Anyone who uses digital devices or the internet is vulnerable to attacks.
However, individuals or organizations that do not take proper precautions to
protect their digital information and systems are at a higher risk of being
targeted by hackers and cybercriminals.

5. What are the ways to protect your digital footprints from hackers and
cyber-attacks?

There are several ways to protect your digital footprints from hackers and
cyber-attacks, including using strong passwords and multi-factor
authentication, updating software regularly, being cautious when opening
emails or clicking on links from unknown sources, backing up important
data regularly, and using security software such as antivirus programs and
firewalls.

Let’s Level-up

1. Watch the following videos on YouTube:

a. Security Awareness Quick Tip: How to Prevent Your Data from Getting
Leaked.
b. Data Loss/Leak Prevention, Security Basics.
c. Prevent Confidential Data Leaks.
d. Protecting your Sensitive Data.

2. Watch a video clip about ‘The Fifth Estate’.



Let’s do IT

Task 1.

1. Based on the movie ‘The Fifth Estate’, classify the different concepts in
preventing accidental compromise of data and explain each concept.

In the movie "The Fifth Estate," there are several concepts related
to preventing accidental compromise of data. These concepts can
be classified as follows:

Access Control: Access control refers to the mechanisms in place
to restrict access to sensitive data and ensure that only authorized
individuals can view or modify it. This includes implementing
strong user authentication methods, such as passwords or
biometrics, and assigning appropriate access privileges based on
roles and responsibilities. Access control helps prevent accidental
exposure of data by limiting access to only those who need it.

Encryption: Encryption involves converting data into a secure
format that can only be accessed with the appropriate decryption
key. By encrypting sensitive information, even if it is accidentally
disclosed or intercepted, it remains unreadable and unusable to
unauthorized individuals. Encryption provides an additional layer
of protection against accidental data compromise.

Data Backup and Recovery: Regular data backup and recovery
processes are crucial in preventing accidental data loss or
compromise. By maintaining up-to-date backups of critical data,
organizations can quickly recover from accidental deletions,
system failures, or other unforeseen events. This ensures that even
if data is compromised, it can be restored from a backup copy.

Training and Education: Educating employees about data security
best practices is vital in preventing accidental compromise of data.
This includes raising awareness about the importance of data
protection, recognizing potential risks, and providing training on
how to handle sensitive information securely. Proper training
helps employees understand their responsibilities and reduces the
likelihood of accidental data breaches.



Data Classification and Handling: Data classification involves
categorizing data based on its sensitivity and assigning appropriate
handling procedures. This ensures that employees are aware of the
level of security required for different types of data. Clear
guidelines on how to handle sensitive information, such as using
secure communication channels or securely storing data, help
prevent accidental exposure or compromise.

Incident Response: Having a well-defined incident response plan is
crucial for handling and mitigating the impact of accidental data
compromises. This includes establishing protocols for reporting
incidents, conducting investigations, and implementing
appropriate remediation measures. A robust incident response plan
enables organizations to respond promptly and effectively to
mitigate the consequences of accidental data compromises.

Based on the movie ‘The Fifth Estate’, explain how to avoid accidental
compromise of data.

In the movie "The Fifth Estate," several strategies are highlighted
to avoid accidental compromise of data. These strategies include
implementing strong access controls to ensure only authorized
individuals have access to sensitive data, encrypting the data to
protect it from unauthorized access even if it is accidentally
disclosed, regularly backing up data to mitigate the impact of
accidental loss or compromise, providing comprehensive training
to employees on data security best practices to minimize the risk
of accidental breaches, enforcing data handling policies to guide
employees in securely managing sensitive information, and having
a well-defined incident response plan to promptly address and
mitigate the consequences of accidental compromises. By
incorporating these strategies into information management
systems, organizations can proactively prevent accidental data
compromise and strengthen their overall data security.

___________________________________________________________________________
If you were to solve the problem encountered in the movie ‘The Fifth Estate’,
how would you solve it? Draw/illustrate your plan for
preventing accidental compromise of data.



Task 2. Explain the concepts in preventing accidental compromise of data,
based on the video clip ‘Security Awareness Quick Tip: How to Prevent Your
Data from Getting Leaked’.

In the video clip "Security Awareness Quick Tip: How to Prevent Your
Data from Getting Leaked," several key concepts are highlighted to
prevent accidental compromise of data. These concepts include using
strong and unique passwords, implementing two-factor authentication for
an additional layer of security, being aware of phishing attempts and
avoiding sharing personal information through email or unknown
platforms. The video also emphasizes the importance of encrypting
sensitive data, using secure Wi-Fi connections, employing secure methods
for file sharing, regularly updating software, and being cautious of
potential security risks. By following these concepts and integrating them
into daily practices, individuals can significantly reduce the risk of
accidental data leaks and enhance data security in their personal and
professional lives. The video serves as a helpful reminder of the
fundamental steps one can take to protect their data from unauthorized
access and leakage.

Task 3. Explain how to avoid accidental compromise of data, based on the video
clips ‘Data Loss/Leak Prevention, Security Basics’ and ‘Prevent Confidential
Data Leaks’.
In the video clips "Data Loss/Leak Prevention, Security Basics" and
"Prevent Confidential Data Leaks," several key strategies are
emphasized to avoid accidental compromise of data. These strategies
include employee training and awareness programs to educate staff
about data security best practices, data classification and access
controls to restrict access to sensitive data, encryption to protect
data both at rest and in transit, secure file transfer methods to ensure
safe transmission of sensitive information, regular data backups to
prevent data loss, endpoint security measures to safeguard against
unauthorized access and malware, data leakage prevention solutions
to monitor and control data movement, and having a well-defined
incident response plan to effectively address data breaches or
accidental compromises. By implementing these strategies,
organizations can mitigate the risk of accidental data compromise
and strengthen their overall data security posture, ensuring the
protection of confidential information in real-life information
management systems.
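
The data classification, access control and data leakage prevention steps described above can be combined into one check that runs before information leaves the organization. This is an added example, not part of the original module or of the videos; the classification labels, channel names and policy table are assumptions made for illustration.

```python
import re

# Labels, channels and the policy table are assumptions made for this example.
LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]

# Lowest classification each channel must refuse; None means approved for all.
# A channel missing from the table is refused for everything (fail closed).
POLICY = {
    "encrypted_transfer": None,
    "internal_email": "RESTRICTED",
    "external_email": "CONFIDENTIAL",
    "public_share_link": "INTERNAL",
}

MARKERS = [
    (re.compile(r"\binternal use only\b", re.I), "INTERNAL", "marked internal"),
    (re.compile(r"\bconfidential\b", re.I), "CONFIDENTIAL", "marked confidential"),
]
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, so arbitrary long numbers are not mistaken for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit counted from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return (highest classification found, list of reasons)."""
    hits = [(lvl, why) for rx, lvl, why in MARKERS if rx.search(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("RESTRICTED", "payment card number"))
            break
    level = max((lvl for lvl, _ in hits), key=LEVELS.index, default="PUBLIC")
    return level, [why for _, why in hits]

def check_outbound(text, channel):
    """Decide whether text may leave over the given channel."""
    level, reasons = classify(text)
    limit = POLICY.get(channel, "PUBLIC")
    blocked = limit is not None and LEVELS.index(level) >= LEVELS.index(limit)
    return {"level": level, "action": "BLOCK" if blocked else "ALLOW",
            "reasons": reasons}

if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a standard test number.
    samples = [
        ("Refund to card 4111 1111 1111 1111 please", "external_email"),
        ("Invoice ref 1234 5678 9012 3456", "public_share_link"),
        ("CONFIDENTIAL: draft salary plan", "internal_email"),
    ]
    for text, channel in samples:
        print(channel, check_outbound(text, channel))
```

The Luhn check keeps an ordinary 16-digit invoice reference from being blocked as a card number, and an unlisted channel is refused by default so that a new way of sharing data has to be added to the policy deliberately.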

Task 4. Draw/illustrate your plan for preventing accidental compromise of
data, based on the video clip ‘Protecting your Sensitive Data’.

Note: you can use separate paper and paste it here.



Suggested Reading

1. Jajodia, Sushil and Yu, Ting (2007). Basic Security Concepts. Retrieved from
https://www.researchgate.net/publication/226962016_Basic_Security_Concept

2. Gaigole, Monali S and Kalyankar, M.A. (2015). The Study of Network Security
with Its Penetrating Attacks and Possible Security Mechanisms. Retrieved from
https://www.ijcsmc.com/docs/papers/May2015/V4I5201599a46.pdf

3. Sen, Jaydip and Mehtab, Sidra (2020). Computer and Network Security.
Retrieved from
https://www.academia.edu/43747747/Computer_and_Network_Security_Edited_by_Jaydip_Sen_and_Sidra_Mehtab

4. Dhawan, Sandeep (2014). Information and Data Security Concepts, Integration,
Limitations and Future. Retrieved from
https://www.researchgate.net/publication/270218681_Information_and_Data_Security_Concepts_Integrations_Limitations_and_Future

5. Alcantara, B.T. and Cravo, V. (2020). Security in Cyberspace: Dynamics, Limits
and Opportunities - A Workshop Report. Retrieved from
http://www.academia.edu/Documents/in/Cyber_Security

6. Teller, D., Hirschkoff, D. and Zimmer, P. (2019). Using Ambients to Control
Resources. Retrieved from
https://www.researchgate.net/publication/225885863_Using_Ambients_to_Control_Resources

Assessment

Task Description
After completing the module, create a 10-minute explainer video
highlighting Digital Safety and Security, its activities, and the technological
impact that affects the organization/departments. Ideas presented in the video
must be your own insights.
Create a teaser or introduction of the video and publish it on YouTube or
any other social media platform. The video should have concrete, doable steps
guided by the following questions:



1. What is the concept of the Intrusion Triangle, and how is information
secured and protected from unauthorized access, use, disclosure,
disruption, modification and destruction?
2. What is the relationship and interaction of each digital safety and
security term with the information management system? Give at least
10 security terms.
3. Explain and enumerate the factors that disrupt physical security
and control.
4. Describe the concepts in preventing accidental compromise of data; and
5. Explain how to avoid accidental compromise of data.

Note: Follow the steps in making an explainer video. Refer to
https://www.youtube.com/watch?v=hilYom8X7ew

The explainer video will be assessed using the rubrics below.

| Performance Level | Needs Improvement | Satisfactory | Excellent |
|---|---|---|---|
| Storyboard | Students included an incomplete narrative and/or the narrative did not match video. | Students completed a narrative and counter narrative on time, but some items are not thoroughly described. | Students completed a narrative and counter narrative. The position is clearly stated with visual and/or rhetorical effects that are impactful. |
| Subject Content | Subject knowledge is not evident. Information is confusing, incorrect, or flawed. | Subject knowledge is evident in much of the video. Most information is clear, appropriate, and correct. | Subject knowledge is evident throughout the video. All information is clear, appropriate and correct. |
| Video content and organization | The video lacks a central theme, clear point of view, and logical sequence of information. Much of the information is irrelevant to the overall message. | Information is connected to a theme. Details are logical and information is relevant throughout most of the video. | Video includes a clear statement of purpose. Events and messages are presented in a logical order, with relevant information that supports the video’s main ideas. |
| Introduction | The introduction does not orient the viewer to what will follow. | The introduction is clear and coherent and evokes moderate interest/response from the viewer. | The introduction is motivating, and hooks the viewer from the beginning. |
| Mechanics | The text and audio have 4 or more grammar or spelling errors. | The text and audio have 1-2 grammar or spelling errors. | The text and audio have no grammar or spelling errors. |
| Production | Video is of poor quality and is unedited. There are no transitions added or transitions are used so frequently that they detract from the video. There are no graphics. | Tape is edited. A variety of transitions are used and most transitions help tell the story. Most of video has good pacing and timing. Graphics are used appropriately. | Tape is edited. Video runs smoothly from shot to shot. A variety of transitions are used to assist in communicating the main idea. Shots and scenes work well together. Graphics explain and reinforce key points in the video. |
| Total | | | |



Project Grade

Self-Assessment

I. Directions: Write the letter of the correct answer.

1. Serves as a gateway between trusted and untrusted networks that
gives limited, authorized access to untrusted hosts.

a. Layer 6
b. Traceroute
c. Bridges
d. Bastion host

2. A basic network mapping technique that helps narrow the scope of an
attack:

a. Firewalls
b. Voice over IP (VoIP)
c. Ping scanning
d. Bridges

3. Layering model structured into four layers (link layer, network layer,
transport layer and application layer).

a. Remote procedure calls (RPC)
b. TCP/IP or Department of Defense (DoD) model
c. Screen scraper
d. Traceroute

4. Provides connection-oriented data management and reliable data
transfer:

a. Traceroute
b. Bastion hosts
c. Decryption
d. Transmission control protocol (TCP)

5. Provides a lightweight service for connectionless data transfer without
error detection and connection:

a. Layer 3
b. Layer 1
c. Screen scraper
d. User Datagram Protocol (UDP)

6. A virtual private network (VPN) is an encrypted tunnel between two
hosts that allows them to securely communicate over an untrusted
network:

a. True
b. False

7. OSI reference model is a layering model structured into seven layers
(physical layer, data-link layer, network layer, transport layer, session
layer, presentation layer, application layer).

a. True
b. False

8. Firewalls are devices that enforce administrative security policies by
filtering incoming traffic based on a set of rules.

a. True
b. False

9. Fibre Channel over Ethernet (FCoE) is a stateful protocol that requires
two communication channels.

a. True
b. False

10. Transmission Control Protocol (TCP) provides connection-oriented data
management and reliable data transfer.

a. True
b. False

Vision
A state university leading in research and innovation for human empowerment and
societal development.

Mission
To advance the university through innovative human resource, responsive research,
sustainable production, and demand-driven extension services.



Core Values
Brilliance Innovation Progress Service & Unity

Biliran Province State University, Main Campus, P. Inocentes St., P.I.Garcia,
Naval, Biliran Province, Philippines 6560 Telefax.(053) 507-0014
SUC Level III-A (Per DBM-CHED Joint Circular #B dated June 21, 2007)
Website: www.bipsu.edu.ph | BiPSU-LMS: https://lms.bipsu.edu.ph

#WOWBiPSU
