CS 405 REVIEWER

COMPUTER SECURITY
- Computer security also known as cybersecurity, focuses on protecting computer
systems, networks, and data from unauthorized access, attacks, damage, or theft.
It ensures that sensitive data remains protected, operations are not disrupted, and
resources are used appropriately
IMPORTANCE OF COMPUTER SECURITY
-Computer security is critical for safeguarding information, maintaining operational
functionality, and ensuring user trust. It reduces the risk of unauthorized access,
data breaches, financial losses, and reputational harm
3 PRINCIPLES OF COMPUTER SECURITY
1. Confidentiality
 Confidentiality ensures that sensitive information is only accessible to
an authorized individuals or systems.
REAL-WORLD EXAMPLES:
• Secure messaging apps like WhatsApp or Messenger used end-to-
end encryption
2. Integrity
 Integrity ensures that data is accurate and consistent, and cannot be
altered or tampered with undetected.
REAL-WORLD EXAMPLES:
• Software update files are signed digitally to verify their authenticity
and integrity
3. Availability
 Availability ensures that systems, data, and resources are accessible to
authorized users whenever needed.
REAL-WORLD EXAMPLES:
• Banks use high-availability systems to ensure 24/7 access to online
banking services
WHAT IS “BUYING SECURITY”?
In the context of computer security, "buying security" typically refers to the
acquisition of security products, services, or solutions designed to protect
computer systems, networks, and data from cyber threats
BUYING SECURITY OFFERS:
1. Software Solutions
2. Hardware Solutions
3. Cloud Security Services
4. Managed Security Services
5. Consulting And Training
6. Compliance Solutions
IMPORTANCE OF BUYING SECURITY
1. PROTECTION OF SENSITIVE DATA
 o Investing in security measures helps safeguard sensitive information
such as personal data, financial records, and intellectual property from
unauthorized breached.
2. MITIGATION OF CYBER THREATS
o With the rise of cybercrime, including ransomware and phishing
attacks, purchasing security solution is crucial to defend against these
evolving threats that can compromise systems and data
3. REGULATORY COMPLIANCE
o Many organizations are required to comply with data protection
regulations. Investing in security ensures adherence to these laws,
avoiding potential fines and legal issues
4. MAINTAINING BUSINESS CONTINUITY
o effective security measures help prevent disruptions caused by cyber
incidents, ensuring that business operations can continue smoothly
without significant downtime
5. BUILDING CUSTOMER TRUST
o Demonstrating a commitment to security can enhance customer
confidence, as clients are more likely to engage with businesses that
prioritize the protection of their data
6. COST-EFFECTIVENESS
o While there is an upfront cost associated with purchasing security
solutions, the potential financial losses from data breaches, including
recovery costs and reputational damage, can far exceed initial
investment.
7. HOLISTIC RISK MANAGEMENT
o Security investment contribute to a comprehensive risk management
strategy, addressing not only technological vulnerabilities but also
human and process related risks.
8. ADAPTION TO TECHNOLOGICAL CHANGES HOLISTIC RISK
MANAGEMENT
o Security investment contribute to a comprehensive risk management
strategy, addressing not only technological vulnerabilities but also
human and process related risks. As technology evolves, so do the
methods used by cybercriminals. Investing in security ensures that
organizations can adapt to new threats and protect their assets
effectively.
ELEMENTS OF COMPUTER SECURITY
1. PREVENTION
o Measures to stop security breaches before they occur, such as
firewalls, antivirus software, and training.
2. DETECTION
o Identifying potential security threats through intrusion detection
systems (IDS) and monitoring tools
3. RESPONSE
o Responding to and mitigating the effects of security incidents with
incident response plans
4. RECOVERY
o Restoring normal operations after a security breach, often involving
backups and disaster recovery solutions
EXTENT OF RESPONSIBILITIES
1. ORANIZATIONS
o Responsible for implementing security policies, training employees,
and safeguarding customer data
2. EMPLOYEE
o Must follow security protocols, report suspicious activities, and avoid
risky behaviors like using weak passwords.
3. VENDORS
o Should ensure their products and services comply with security
standards
4. GOVERNMENT
o Enforces regulations and provides framework like GDPR or HIPAA to
ensure compliance
THREAT CATEGORIES & REPORTED CRIMES
1. DISGRUNTLED EMPLOYEE OR CONTRACT EMPLOYEE (INSIDER
THREAT CRIME) EXAMPLE:
o Deleting or corrupting sensitive data
o Leaking confidential information
o Sabotaging critical systems
PREVENTIVE MEASURES: •
o Restricting Access
o Activity Monitoring
o Security Awareness Training
2. ORGANIZED CRIME OR DRUG CARTEL
EXAMPLE:
o Ransomware attacks
o Stealing financial information
o Money Laundering
PREVENTIVE MEASURES:
o Strong encryption
o Secure payment gateways
o Law enforcement collaboration
3. CYBERCRIMINAL
EXAMPLE:
o Phishing scams
o Identity Theft
o Distributed Denial of Service (DDoS) attacks
PREVENTIVE MEASURES:
o Anti-Malware solutions
o User education
o Network monitoring
4. COMPETITORS
 EXAMPLE:
o Stealing trade secrets
o Spreading disinformation
o Hacking proprietary systems
PREVENTIVE MEASURES:
o Protect intellectual property
o Conduct risk assessments
o Legal measures
5. HACKERS
EXAMPLE:
o Website defacement
o Exploiting software vulnerabilities
o Data breaches
PREVENTIVE MEASURES:
o Software updates
o Penetration testing
o Firewalls and IDS
6. GOVERNMENT
EXAMPLE: •
o Cyber espionage
o Attacking critical infrastructure
o Spreading misinformation
PREVENTIVE MEASURES:
o National Cybersecurity frameworks
o International collaboration
o Advanced Monitoring
 IMPLICATION OF THREATS TO ORGANIZATIONS
FINANCIAL LOSSES
1. Data Breaches
o Unauthorized access to sensitive personal data, such as health records
or financial information
2. Identity Theft
o Stolen personal data can be used for identity theft, leading to financial
losses and reputational damage.
3. Surveillance
o Unauthorized surveillance can compromise individual privacy.
IMAGE LOSS
1. Reputational Damage
o Security breaches can damage an organization’s reputation and erode
customer trust.
2. Loss of Customer Confidence
o Customer may lose confidence in any organization’s ability to protect
their data.
3. Negative Media Coverage
o Security breaches can attract negative media coverage, further
damaging an organization’s reputation.
LEGAL IMPLICATIONS
1. Regulatory Compliance
o Organization must comply with relevant regulations, such as GDPR,
HIPAA, or PCI-DSS.
2. Litigation
o Security breaches can lead to litigation, resulting in financial losses and
reputational damage.
3. Fines and Penalties
o Organizations may face fines and penalties for noncompliance with
regulatory requirements.
 WHAT IS TECHNIQUE OF INTRUDERS?

- In computer security, "techniques of intruders" refer to the various methods

hackers or attackers use to gain unauthorized access to systems, steal data, or
disrupt operations. These techniques can vary based on the attacker's
objectives, whether it's for espionage, financial gain, or causing damage

COMMON MEHODS USED BY ATTACKERS:

1. Phishing
o Attackers impersonate a legitimate entity (e.g., a bank, a service
provider) to trick users into sharing sensitive information like usernames,
passwords, or financial data.
2. Brute Force Attacks
o An attacker attempts to gain access by trying every possible combination
of characters for a password or encryption key.
3. Social Engineering
o Attackers manipulate people into giving up confidential information or
performing actions that compromise security.
4. Malware (e.g., Trojans, Viruses, Ransomware)
o What it is: Malicious software that is used to compromise systems, steal
data, or disrupt operations.
5. SQL Injection
o An attack where malicious SQL code is injected into an input field (e.g., a
login form) to manipulate a website’s database.
6. Denial of Service (DoS) / Distributed Denial of Service (DDoS)
Attacks
o The attacker floods a server or network with traffic to overwhelm it and
prevent legitimate users from accessing the system.
7. Cross-Site Scripting (XSS)
o Attackers inject malicious scripts into websites that are then executed in
the browsers of users visiting those sites.
8. Privilege Escalation
o Gaining higher levels of access or control within a system, usually by
exploiting vulnerabilities or flaws
9. Man-in-the-Middle (MitM) Attacks
o The attacker intercepts and potentially alters communication between two
parties without their knowledge.
10. Keylogging
o A type of surveillance where the attacker records every keystroke made
by the user, capturing sensitive data like passwords, credit card numbers,
or personal information.
11. DNS Spoofing (DNS Cache Poisoning)
o The attacker manipulates the DNS records to redirect users to malicious
websites, even when they enter the correct domain name (e.g.,
google.com).
12. Rootkits
 o Malicious software that hides its presence on a compromised system,
allowing attackers to maintain control and avoid detection
13. Session Hijacking
o The attacker takes control of a user’s active session, typically through
stealing session cookies or using a vulnerable web application
HOW TO DEFEND AGAINST COMMON INTRUDER’S TECHNIQUES:
1. Regularly Update and Patch Systems:
o Ensure that operating systems, software, and firmware are always up to
date to fix known vulnerabilities.
2. Use Strong Passwords and Multi-Factor Authentication (MFA):
o Encourage the use of long, complex passwords and enable MFA to add an
extra layer of security.
3. Encrypt Sensitive Data:
o Use encryption both at rest and in transit to protect data from being
intercepted or tampered with.
4. Train Users and Employees:
o Conduct regular security awareness training to help individuals recognize
phishing attempts, social engineering tactics, and suspicious activity.
5. Backup Data Regularly:
o In case of a ransomware attack or other data loss incident, having secure
backups can prevent total data loss.
SOPHISTICATED METHODS EMPLOYED BY ATTACKERS:
1. Advanced Persistent Threats (APT)
o APTs are long-term, targeted cyberattacks where intruders infiltrate a
network and remain undetected for extended periods to steal sensitive
data or carry out espionage.
2. Zero-Day Exploits
o A zero-day exploit occurs when an attacker takes advantage of a
vulnerability in software or hardware that is unknown to the vendor or has
not yet been patched.
3. Fileless Malware
o Fileless malware operates entirely in memory and does not write
malicious code to the hard drive, making it harder for traditional antivirus
software to detect
4. Man-in-the-Browser (MitB) Attacks
o MitB attacks occur when malware infects a web browser and modifies the
behavior of legitimate websites, often during a banking or financial
transaction.
5. Credential Stuffing
o In credential stuffing, attackers use previously stolen or leaked usernames
and passwords to attempt to access multiple accounts, taking advantage
of people who reuse passwords across different services.
6. Side-Channel Attacks
o Side-channel attacks exploit the physical characteristics of a system, such
as timing, power consumption, or electromagnetic emissions, to gather
information about the system’s operations, potentially revealing secrets
like encryption keys.
7. Kernel Exploits
 o Kernel exploits target the core part of an operating system (the kernel) to
gain unauthorized access to system resources and escalate privileges.
8. DNS Tunneling
o DNS tunneling is a technique where attackers use DNS queries and
responses to send and receive data that would typically be blocked by
firewalls, allowing them to exfiltrate data or maintain command-and-
control (C&C) communication.
9. RAT (Remote Access Trojan)
o A RAT is a type of malware that gives an attacker full control over an
infected computer, allowing them to monitor activities, steal files, capture
keystrokes, or install additional malware.
10. Rogue Access Points
o A rogue access point is a malicious Wi-Fi hotspot set up by an attacker to
mimic a legitimate network, often with the intention of intercepting
sensitive data or injecting malware.
11. Cryptojacking
o Cryptojacking is the unauthorized use of a victim's computer or network
to mine cryptocurrency.
12. Advanced Malware Obfuscation Techniques
o Attackers often obfuscate or encrypt the malicious payload to prevent
detection by security software. This can include polymorphic malware
(which changes its code to evade detection) or packing (compressing or
encrypting the malware).

DEFENDING AGAINST SOPHISTICATED INTRUDER’S TECHNIQUES:

1. Implementing Advanced Threat Detection:
o Use endpoint detection and response (EDR) systems, intrusion prevention
systems (IPS), and continuous network monitoring to detect and mitigate
threats in real time.
2. Application of Zero Trust Models:
o Adopt a "Zero Trust" security model, where every user, device, and
system is verified and authorized before being allowed to access
resources, regardless of their location.
3. Regular Patching and Updates:
o Keep all systems, software, and firmware updated to protect against
known vulnerabilities.
4. User Education and Training:
o Regularly train employees and users on security best practices, such as
recognizing phishing attempts and safe browsing habits.
5. Strong Authentication and Access Controls:
o Use multi-factor authentication (MFA) and implement role-based access
control (RBAC) to limit access to sensitive data or systems based on need
to-know principles.
ORGANIZATIONAL SHORTCOMINGS ANG MANAGEMENT CONCERNS
o Lack of Clear Security Policies and Procedures
o Insufficient Budget Allocation for Cybersecurity
o Lack of Security Leadership and Accountability
o Inadequate Employee Training and Awareness
o Failure to Implement Strong Access Controls
 o Inadequate Incident Response and Recovery Planning
o Weak Vendor and Third-Party Management
o Failure to Adopt a Proactive Security Approach
MANAGEMENT CONCERNS IN COMPUTER SECURITY
o Balancing Security with Business Needs
o Security vs. Cost Considerations
o Compliance and Legal Risks
o Managing the Evolving Threat Landscape
o Security Culture and Employee Engagement
o Cybersecurity Talent Shortage
o Vendor and Third-Party Risks
o Incident Response and Recovery
ADDRESSING ORGANIZATIONAL SHORTCOMINGS AND MANAGEMENT
CONCERNS
1. Leadership and Accountability:
o Senior management must prioritize cybersecurity as a key business
function. Appoint dedicated security leaders, such as a CISO, to oversee
and drive security initiatives across the organization.
2. Continuous Education and Training:
o Ensure employees are regularly educated on security best practices and
the latest threats to prevent human error and increase awareness of the
organization’s security posture.
3. Collaborative Approach:
o Encourage collaboration between IT, security, legal, and other
departments to ensure cybersecurity is integrated into business strategies
and operations.
4. Scalable Security Infrastructure:
o As the organization grows, invest in scalable security solutions that can
evolve with new business needs, technologies, and threats
 TYPES OF INFORMATION SECURITY CONTROL
What are Information Security Controls?
Information security controls are measures that help reduce risk, such as
breaches, data theft, and unauthorized changes to digital information. Information
security controls may include hardware devices, software, policies, plans, and
procedures that improve an organization’s security performance.

TYPES OF INFORMATIN SECURITY CONTROLS

1. Preventive controls:
As the name implies, preventive controls are designed to identify and
address vulnerabilities within your information systems before those
weaknesses become a gateway for cyber threats. Through diligent risk
management practices, your team can identify potential weaknesses and take
steps to fortify your systems. By mitigating risks in advance, you can
significantly reduce the likelihood of experiencing a cybersecurity incident.
Example: Firewalls, Access controls (passwords, biometer, authentication),
encryption, and Security awareness trainings
2. Detective controls:
Detective controls act as guardians, alerting you to potential breach
attempts and ongoing data breaches. These controls serve as early-warning
systems, equipping your cybersecurity staff with timely information to take
immediate action. By detecting and responding to threats swiftly, you can limit
the extent of the damage and protect your valuable assets.
Examples: Intrusion detection system (IDS), Security audits and Log
monitoring
3. Corrective controls:

Corrective controls enter the picture after an incident has happened. They
exist to minimize damage, facilitate recovery, and repair weaknesses so a
similar attack doesn’t happen again. For example, robust backup mechanisms
are a corrective control because they let you restore compromised data. By
 employing effective backups, you can mitigate data loss and expedite the
restoration of your systems, reducing downtime and restoring normal
operations promptly.

Examples: Backups and disaster recovery plans, Patching vulnerabilities and

Incident response procedures

AUDIT TRAILS
refers to a chronological record or set of logs that provide detailed
information about all activities, events, and transactions performed within a
system. These trails are essential for monitoring, detecting, and analyzing
potential security incidents, ensuring accountability, and maintaining compliance
with security policies and regulations.
Examples:
o System Access Logs
o Transaction Logs
o File Access Logs
o Network Activity Logs
o Application Logs

INTRUSION DETECTION METHOD

What is an Intrusion Detection System (IDS)?
An intrusion detection system (IDS) is an application that monitors network
traffic and searches for known threats and suspicious or malicious activity.
2 TYPES OF IDS
1. Network Intrusion Detection System (NIDS)
o A NIDS solution is deployed at strategic points within an organization’s
network to monitor incoming and outgoing traffic. This IDS approach
monitors and detects malicious and suspicious traffic coming to and
going from all devices connected to the network.
2. Host Intrusion Detection System (HIDS)
o A HIDS system is installed on individual devices that are connected to
the internet and an organization’s internal network. This solution can
detect packets that come from inside the business and additional
malicious traffic that a NIDS solution cannot. It can also discover
malicious threats coming from the host, such as a host being infected
with malware attempting to spread it across the organization’s system.
WHAT ARE THE DETECTION METHODS OF IDS?
intrusion detection methods primarily refer to the techniques used by an
Intrusion Detection System (IDS) to identify potential malicious activity on a
network, including signature-based detection, anomaly-based detection, stateful
protocol analysis, and hybrid detection.
1. ANOMALY-BASED IDS
o Anomaly-based IDS focuses on identifying deviations from normal
behavior within a network or system. It works by establishing a baseline
 for normal activity by statistically analyzing network traffic or system
activity over time. This baseline becomes a reference for identifying
anomalies. The IDS then continuously monitors network traffic or system
activity and compares the real-time data to the established baselines.
Significant deviations from these baselines are flagged as potential
intrusions.
Example: A SQL injection attack where the input OR '1'='1' is used. A
signature-based IDS can detect this based on predefined patterns for SQL
injection.
2. SIGNATURE-BASED IDS:
o Signature-based IDS relies on a predefined database of attack
signatures to identify malicious activity. These signatures represent
known patterns or fingerprints of network attacks or suspicious system
behavior. The IDS continuously monitors network traffic or system
activity and compares this data against the database of attack
signatures. Any matches trigger an alert, indicating a potential intrusion
attempt.
Example: If a user account that normally logs in during business hours
suddenly logs in at midnight from a foreign IP address, the anomaly-based
IDS flags it as suspicious
3. Hybrid IDS:
o A hybrid IDS combines both anomaly-based and signature-based
detection methods to address the limitations of each approach. A hybrid
system leverages signature-based detection for known threats and
anomaly-based detection for novel attacks. This enhances the overall
effectiveness of intrusion detection.
Example:
o A hybrid IDS might:
o Use a signature-based method to detect known ransomware.
CHECKSUM
What is Checksum?
A checksum is an error detection method that utilizes a sequence of numbers
and letters to an error during data transmission. This is crucial for data integrity
and security.
For example, if you want to check if a file has been uploaded completely,
you can cross verify the checksum of the original and uploaded files. If there is a
mismatch, the concerned parties are alerted to possible data loss or third-party
tampering.
Two protocols are typically used to calculate the checksum value
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP).
The TCP is used to verify and track data packet transmission, While UDP is
useful for preventing the deceleration of transmission time
TYPES OF CONTROLS
What is Control?
Controls are safeguards or countermeasures designed to protect systems,
data, and infrastructure. These controls are categorized into types based on their
function and purpose
DETERRENT CONTROLS
What is Deterrent control?
a security measure designed to discourage potential attackers from
attempting to breach a system by making it clear that security measures are in
place, essentially acting as a visible warning to dissuade unauthorized activity.
Examples: include security cameras, warning signs, and employee security
awareness training.

CORRECTIVE CONTROLS
Refers to a measure taken after a security incident has been detected,
aiming to minimize damage, restore normal operations, and prevent similar
incidents from happening again by addressing the root cause and implementing
necessary fixes; essentially, it's a reactive control that takes action after a breach
occurs to repair vulnerabilities and recover from the incident.
Example: robust backup mechanisms are a corrective control because they let
you restore compromised data. By employing effective backups, you can mitigate
data loss and expedite the restoration of your systems, reducing downtime and
restoring normal operations promptly.

RECOVERY CONTROLS
What is Recovery control?
a security measure implemented to restore a system or process back to
normal operations after a security incident occurs, essentially allowing an
organization to recover from a breach or disruption and resume regular functions;
this includes actions like data backups, system restoration, and contingency plans
to minimize downtime and impact.
Examples:
• Data backups and restoration procedures
• Disaster recovery plans
• System redundancy and failover mechanisms •Incident response plan
 CS 406 REVIEWER

INTRODUCTION TO SOCIAL ISSUES

A field of study that examines how societal problems, like discrimination,
inequality, and privacy concerns, intersect with professional conduct, requiring
individuals in various fields to consider the ethical implications of their actions
within a broader social context.
DEFINITION OF SOCIAL ISSUES
A social issue is a problem that impacts a significant portion of society, often
causing debate and disagreement regarding its nature, causes, and potential
solutions; it can range from issues like poverty and healthcare access to
environmental degradation and gender equality.
EXAMPLES OF SOCIAL ISSUES
1. Economic Issues
 Poverty and unemployment
 Income inequality
 Homelessness
2. Political and Human Rights Issues
 Corruption
  Discrimination (race, gender, religion, etc.)
 Violation of human rights
3. Health and Education Issues
 Lack of access to healthcare
 Mental health stigma
 Education disparity
4. Environmental Issues
 Climate change
 Pollution
 Deforestation
5. Social and Cultural Issues
 Gender inequality
 Crime and violence
 Substance abuse
COMPONENTS OF SOCIAL ISSUES
1. Cause (Root Factors)
o The underlying reasons that lead to a social issue.
Causes can be:
 Economic– Unemployment, poverty, wealth inequality.
 Political– Corruption, lack of government policies.
 Cultural– Discrimination, gender inequality.
 Environmental– Climate change, pollution
2. Affected Population
o Social issues impact specific groups of people, often based on:
 Socioeconomic status (low-income communities, marginalized
groups).
 Age (children, elderly, youth).
 Gender and identity (women, LGBTQ+ individuals).
3. Consequences (Effects on Society)
o The impact of social issues can be seen in:
 Health– Disease outbreaks, mental health crises.
 Economy– Reduced productivity, poverty cycles.
 Society– Crime, inequality, unrest.
4. Possible Solutions and Interventions
o Efforts to resolve social issues include:
 Government Policies– Laws, welfare programs, subsidies.
 Community Actions– NGOs, social activism, awareness
campaigns.
 Education and Awareness– Promoting knowledge to address
misinformation and stereotypes.
 PROFESSIONAL ISSUES
WHAT IS PROFESSIONAL?
Professional is an individual who possesses specialized knowledge, adheres
to ethical standards, and demonstrates competence in their field.
FEATURES OF A PROFESSIONAL
 SPECIALIZED KNOWLEDGE
o Has expertise and technical skills acquired through education, training,
and experience.
• COMPETENCE
o Demonstrates high levels of efficiency, accuracy, and effectiveness in
their work.
• ETHICAL BEHAVIOR
o Adheres to a code of ethics, showing integrity, honesty, and
responsibility.
• ACCOUNTABILITY-
o Takes responsibility for their actions and decisions in their field of work.
• COMMITMENT TO CONTINUOUS LEARNING
o Updates skills and knowledge to stay relevant in the industry
• EFFECTIVE COMMUNICATION
 o Engages clearly and professionally with colleagues, clients, and
stakeholders.
• RESPECT AND TEAMWORK
o Works well with others and values different perspectives. •
• CLIENT OR PUBLIC INTEREST FOCUS
o Acts in the best interest of clients or society rather than personal gain.
• PROBLEM SOLVING ABILITY
o Uses critical thinking to address complex issues effectively.
• PROFESSIONAL APPEARANCE AND CONDUCT
o Maintains a high standard of presentation and behavior
WHAT IS PROFESSION?
Profession is an organized field of work that requires specialized knowledge,
training, and adherence to ethical guidelines.
FEATURES OF A PROFESSION
• FORMAL EDUCATION AND TRAINING
o Requires advanced education, such as degrees, certifications, or
licensure
• SPECIALIZED KNOWLEDGE AND EXPERTISE
o Involves mastery of a body of knowledge that distinguishes
professionals in the field.
• CODE OF ETHICS AND CONDUCT
o Governed by ethical principles to ensure responsible and fair practices
• CERTIFICATION OR LICENSING
o Often requires official recognition from a governing body or
professional association
• SERVICE ORIENTATION
o Focuses on serving clients, organizations, or society with integrity.
• AUTONOMY AND SELF-REGULATION
o Professionals exercise independent judgment while being regulated by
professional bodies.
• COMMITMENT TO LIFELONG LEARNING
o Requires continuous professional development to adapt to changes
• PROFESSIONAL ASSOCIATIONS
o Governed by organizations that set standards, provide training, and
regulate members
• SOCIAL RECOGNITION AND PRESTIGE
o Recognized and respected due to its impact on society
• SYSTEM OF COMPENSATION
o Professionals are compensated based on their expertise and
contribution.
WHAT IS PROFESSIONALISM?
Professionalism is the workplace refers to the behavior, conduct, and
communication style that an individual demonstrates within a business setting. It
encompasses attributes such as work ethic, responsibility, and respect for others

THE IMPACT OF TECHNOLOGY ON SOCIAL AND PROFESSIONAL ISSUES

SOCIAL IMPACT
• Communication and Relationships
o Social media and instant messaging have improved connectivity but
also led to issues like cyberbullying, online harassment, and reduced
face-to-face interactions.
• Privacy and Security
o The rise of digital platforms has increased concerns about data
privacy, surveillance, and hacking.
• Digital Divide
o Unequal access to technology creates gaps in education, employment,
and economic opportunities, especially in underprivileged
communities.
• Mental Health and Well-being
o Excessive use of technology can lead to anxiety, depression, and
screen addiction.
• Cultural Changes
o Globalization through technology has led to cultural exchange but also
the erosion of traditional values in some societies.
PROFESSIONAL IMPACT
• Workplace Efficiency and Productivity
o Automation, artificial intelligence, and digital tools have increased
efficiency but also replaced some jobs.
• Job Displacement and Creation
o While automation replaces certain jobs, it also creates new
opportunities in tech-related fields.
• Ethical Concerns in Business and AI
o Businesses must address ethical concerns related to AI biases,
surveillance, and data misuse.
• Cybersecurity and Corporate Data Protection
o Companies face threats from hacking, ransomware attacks, and
insider threats.
• Remote Work and Work-Life Balance
o Technology enables remote work, improving accessibility and
inclusivity for workers.

CYBERCRIME PREVENTION ACT OF 2012

REPUBLIC ACT NO. 10175
is a law in the Philippines that was approved on September 12, 2012. It aims
to address legal issues concerning online interactions and the Internet in the
Philippines. Among the cybercrime offenses included in the bill are cybersquatting,
cybersex, child pornography, identity theft, illegal access to data and libel.
COMPONENT OF CYBERCRIME
What is cybercrime?
A Cybercrime is a crime involving computers and networks. The computer
may have been used in the execution of a crime or it may be the target.
DEFINITION OF CYBER CRIME
Cybercrime may be defined as “Any unlawful act where computer or
communication device or computer network is used to commit or facilitate the
commission of a crime”.
Two Main Types of Cybercrimes:
Most cybercrime falls under two main categories
• Criminal activity that targets computers.
• Criminal activity that uses computers.

LIST OF CYBERCRIMES
• Child Pornography OR Child sexually abusive material (CSAM)
• Cyber Bullying
• Cyber Stalking
• Cyber Grooming
• Online Job Fraud
• Online Sextortion
• Phishing
• Vishing
• Smishing
• Sexting
• SIM Swap Scam
• Credit Card Fraud or Debit Card Fraud
• Impersonation and identity theft
• Spamming
• Ransomware
• Viruses, Worms, and Trojans
• Data Breach
• Denial of Services (DoS) attack
• Website Defacement
• Cyber-Squatting
• Pharming
• Cryptojacking
• Online Drug Trafficking
• Espionage
IMPLEMENT RULES AND REGULATIONS
o The Implementing Rules and Regulations (IRR) of a law are detailed
guidelines or procedures that are created to help put the law into action.
Once a law is passed, the IRR is developed by a government agency or body
designated by the law to ensure that its provisions are carried out effectively.
o The main purpose of the IRR is to provide clarity and specifics on how the law
should be implemented. It serves as a tool to guide government agencies,
businesses, and citizens on the proper interpretation and application of the
law.

KEY FUNCTION OF THE IRR

• Clarification of Provisions:
 o The IRR provides a detailed explanation of vague or broad provisions
in the law, specifying how they should be applied in real-world
situations.
• Procedures and Steps:
o The IRR outlines the procedures and steps that individuals,
organizations, or government agencies must follow to comply with the
law.
 Roles and Responsibilities:
o The IRR identifies the roles and responsibilities of the different
agencies or stakeholders involved in enforcing the law.
 Penalties and Sanctions:
o If a law includes penalties for non-compliance, the IRR provides the
specifics on how those penalties will be applied.
 Timelines and Deadlines:
o The IRR may establish specific deadlines for certain actions, such as
filing reports or submitting documents.
• Regulatory Framework:
o It establishes a framework for regulatory bodies to follow in enforcing
the law