METHODOLOGY
In this chapter, details of the research methodology used in the study are discussed. This
research aims to study the security mechanism of an organization through the survey method. The
survey is conducted by questionnaire. This research proposal will use a quantitative approach and
Data Collection
The data to be studied is all about the security mechanism of an organization. For this
study, we have 11 IT staff who are currently working in the Provincial Capitol of Davao del Sur.
Data was collected using a survey questionnaire. Six areas of information security were studied
in this research. The template consists of 10 questions per topic including Data Security,
Application Security, Operating System Security, Network Security, Physical Security, and
Data Security
In a descriptive case study research approach, this study examines the security
mechanism of the Provincial Capitol of Davao del Sur. Following the quantitative research route,
a survey questionnaire was conducted to determine the data security practices of the
organization. Interviews were conducted personally, face-to-face in the real life setting of the
respondents. A total of 11 personnel in the organization were given a survey
questionnaire to answer the following questions. The respondents' answers are below.
Table 1.1
DATA SECURITY YES NO
Do you install antivirus and personal firewall on your computing device? /
Do you backup your data regularly? /
Do you backup your data to an external storage? /
Do you use a strong password on your computing device? /
Do you encrypt your sensitive data? /
Do you securely erase* data on your hard drive before disposing of it? /
*Secure erase is the process of repetitively overwriting the data on the media to ensure
that it is not recoverable.
Are there adequate procedures to inform, train, and assist operations staff in the
implementation and support of changes in the system? /
Do procedures exist to inform and train users when database system changes occur? /
Does the application encrypt data before sending it over the Internet or an open network? /
Do you have a mechanism to backup critical IT systems sensitive data? /
Data security is about keeping your data secure from accidental or malicious damage.
licensed data. Computers should be password protected, with file permissions controlled so
users, depending on their status, can “read only”, “write”, or “execute” files. The above result
indicates the data security measures of their systems. They did not use strong passwords
on their computing devices, which is a disadvantage against theft and hackers, who
can easily access their systems and manipulate data. Enable computer firewalls and keep anti-
Encryption is a great research data management tool to secure storage and transmission
of files and it is a good practice to encrypt any dissolve files and machines or devices that store
data. Encryption maintains the security of data and documentation through an algorithm to
Application Security
Application security is the process of making apps more secure by finding, fixing, and
enhancing the security of apps. Much of this happens during the development phase, but it
includes tools and methods to protect apps once they are deployed. This is becoming more
important as hackers increasingly target applications with their attacks. Application security is
getting a lot of attention. Hundreds of tools are available to secure various elements of your
applications portfolio, from locking down coding changes to assessing inadvertent coding
threats, evaluating encryption options and auditing permissions and access rights. There are
specialized tools for mobile apps, for network-based apps, and for firewalls designed especially
The faster and sooner in the software development process you can find and fix security
issues, the safer your enterprise will be. Because everyone makes mistakes, the challenge is to
find those mistakes in a timely fashion. For example, a common coding error could allow
unverified inputs. This mistake can turn into SQL injection attacks and then data leaks if a
hacker finds them. Application security tools that integrate into your application development
environment can make this process and workflow simpler and more effective. These tools are
also useful if you are doing compliance audits, since they can save time and expense by
catching problems before the auditors see them. The rapid growth in the application security
segment has been helped by the changing nature of how enterprise apps are being constructed in
primary intended platform is the Web, mobile devices, or a traditional desktop OS like Windows.
This is because all application builds must go through the standard cycle of development, testing,
settling on a release candidate, and deployment into operations — at which time, too often,
problems are found and the new build is sent back for fixes. So application security can often be
improved by trying to improve on that cycle, at various points. Below is the data.
practices in coding regardless of the specific methodology (Waterfall, Agile, etc.). After half a
century of careful analysis, we now know quite a bit about how programming errors tend to
improve application security at this early stage. I’ve gone into these in another recent blog entry,
so won’t be exploring them in detail here, but they can help automatically spot cases in which
changing — consider all the apps recently introduced for mobile devices, Web apps, plus
composite apps! So are the diversity and complexity of the environments in which they operate.
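The unverified-input mistake described above under Application Security, and a development-time check that catches it before release, as an added example that is not part of the original paper. The `staff` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
ROWS = [("alice", "IT"), ("bob", "Records"), ("carol", "Treasury")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (username TEXT PRIMARY KEY, office TEXT)")
    db.executemany("INSERT INTO staff VALUES (?, ?)", ROWS)
    return db

def lookup_unverified(db, username):
    # Flawed: the input is concatenated into the SQL text and parsed as SQL.
    sql = "SELECT username, office FROM staff WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # Hardened: the input is bound as a value; the query structure cannot change.
    sql = "SELECT username, office FROM staff WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def valid_username(username):
    # Second layer: reject input that does not look like a username at all.
    return username.isascii() and username.isalnum() and len(username) <= 32

def leaks_rows(lookup, probe="nobody' OR '1'='1"):
    """Development-time check: a lookup for a name that does not exist must
    return nothing. Returns True when the probe string pulls back rows."""
    db = make_db()
    try:
        return len(lookup(db, probe)) > 0
    except sqlite3.Error:
        return True  # the input reached the SQL parser, which is itself a finding
    finally:
        db.close()

if __name__ == "__main__":
    for fn in (lookup_unverified, lookup_parameterized):
        print(fn.__name__, "leaks rows:", leaks_rows(fn))
```

Running `leaks_rows` against every query helper as part of the test suite finds this class of mistake during development rather than after deployment.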
Operating System
Research papers are assessed based on the source of information. The University of Bridgeport
provides its members, whether they are faculty members or students, access to thousands of digital
resources via its digital library [5]. Many operating systems are built on UNIX roots with some
modifications and developments, among them Macintosh, Windows, and Linux [18], but UNIX
is open source, working with the developer community. UNIX has many versions such as UNIX 93,
UNIX 95, UNIX 98, and the latest version is UNIX 03. UNIX is a powerful operating system used to do
complicated tasks, where programmers need to work with the command line, even if it has a graphical user
interface. Because of that, UNIX is categorized as a system for serious programmers using a shell interface. UNIX is so
sensitive to mistakes because it is hard even for an expert user to debug a mistake easily [19], which
requires high patience and plenty of time. Windows is a closed-source operating system developed by the Microsoft
Corporation, which launched the first version on November 20, 1985 [20],
one year after Apple released its first operating system. It is based on the Disk Operating System
(DOS), which is well known for its black screen and command line. The last operating system
was released on October 26, 2012; it is called Windows 8 and is a personal operating system. Each
Windows operating system has many versions such as student, home, professional, unlimited, and
enterprise [24]. These distinctions let users choose the system that best fits their
unique needs. They released another type of operating system for servers in 2003. With an enterprise and
a home edition, they named them Server 2003 and Home Server, respectively. Currently, their share of the
server market is approximately a massive sixty-four percent. The table below is the survey template.
Table 1.3
performance because the Windows operating system does not band with specific manufacturers. Some
manufacturers are well known because they do global business [25], such as Dell, Asus, Toshiba, Acer,
and HP. These global brands all sell personal computers and servers for big companies, and they are
taking the middle layer between Microsoft Corporation and Client. They provide the Client hardware,
customer service, and a warranty. Also, local stores with basic knowledge can build computers and install
Windows. Because of competition, industries release a series of same parts with the latest technology
within a short period of time; sometimes this can be within a year. That leaves the option for users to
build their own computer [26] based on their budget and needs. It also gives people the resilience to upgrade
their machine inside and out, from screen to motherboard, within certain rules. Linux is a powerful and unique
operating system compared with other operating systems, such as Windows and Macintosh. Moreover,
installing Linux in a machine is simpler than with other operating systems, such as Windows and Mac.
Compared with Windows, Linux quite rarely crashes, which in Windows is known
as the blue screen, whereas Windows usually goes down because of overload. Rather than paying
hundreds of thousands of dollars to protect data from being leaked or attacked by an adversary [49], users
can have that for free with Linux, whereas with Windows you need to pay for it. Linux has a very
strong firewall, which makes Linux undefeatable in terms of attacks. It has a unique technique for
reducing virus activity. The rate of malware is lower in Linux than in the Windows operating system
because the designers aim to attack a large number of computer users. Besides, spyware and viruses
designed for Windows cause it to slow down, and as a consequence, the performance of the operating
system is reduced [50]. On the other hand, users find disadvantages in Linux, where many applications
are not designed to run on Linux or do not exist for Linux, such as iTunes and Microsoft programs. This
is considered an obstacle by people who care about applications and do not want to replace their whole
operating system just to have a “plug & play” application that they desire. It takes time for some people to
become familiar with Linux and learn its many advantages and limitations [51].
The overall approach of this study is quantitative. Its aim is to identify the problems and
safety measures regarding the physical and network security of a security system. Quantitative
research is the most suitable approach for this research because we get the percentage of the
answers of the respondents, and it is easy to understand and evaluate the response data.
Table 1.4
NETWORK SECURITY YES NO
Must all users on the network enter a log-on ID and password to access the network
security? /
If the network is connected to outside services or related services through the Internet,
have “firewalls” been created to centralize access control to and from the network and
the other service? /
Is the facility local area network connected/bridged into any other network? /
Are any of these devices connected to a facility local area network? /
Are systems and networks that host, process and/or transfer sensitive information
‘protected’ (isolated or separated) from the other systems and/or networks? /
Is there a standard approach for protecting network devices to prevent unauthorized
access/network related attacks and data theft?
i.e. firewall between public and private networks, firewall separation, secure
customer portal. /
Are third party connections to your network monitored and reviewed to confirm
authorized access and appropriate usage?
i.e. VPN logs, server event logs, automatic alerts. /
Is sensitive information transferred to external recipients? If so, are controls in place
to protect sensitive information when transferred?
i.e. (with encryption) /
Does the network software prevent access by unauthorized users to or from other
network services (gateway, fax, dial out, WAN, etc.)? /
Does the network software prevent access by unauthorized users to sensitive system
functions such as security administration, network monitoring, server console
operations, and enabling/disabling services? /
For data collection we used the survey method, which involves 10 questions per field using
multiple choices. We did it in person, and the respondents took only a few minutes (3-5 minutes) to
answer the questions. For our sampling method, we used simple random sampling so that the
respondents had an equal chance of being selected from the population. For the analysis, we
prepared our data before analysing it, for example by checking for missing data and removing outliers.
All values outside the calculated range were considered outliers (Hoaglin & Iglewicz, 1987). The data
was then analysed using statistical software, namely the commonly used Microsoft Excel.
PHYSICAL SECURITY YES NO
Security Guards:
Do you have security guards at the facility? /
Are security guards on duty all day, every day (24 hours per day, 7 days per week)? /
Are security guards employees of the company? /
Are there gates that control the entry of vehicles and personnel to your premises? /
Are employees and visitor parking areas separated? /
Does the facility have digital intrusion detection/alarm system? /
Do any of these devices employ wireless technology? /
Is privacy installed on monitors in public areas and/or are monitors situated in such a
way that they cannot be viewed by unauthorized individuals? /
Are the organization’s workstations and PCs physically secured to the desk through the
use of a locking cable or other anti-theft device? /
Does the server room have a monitored temperature sensor? /
Is the physical location of the computer/server/storage/training rooms appropriate to
ensure security? /
Does the office maintain written procedures relating to controls over the physical
security of the computer equipment? /
Table 1.5
Access Control
entities that request information about or data from passive entities, called objects. A subject can
be a user, program, process, or file that is accessing an object to accomplish a task. An object is a
passive entity and can be a file, database, computer, program, process, printer, storage media,
and so on. The subject is always the entity that provides or hosts information or data. The roles
of subject and object can switch back and forth while two entities interact to accomplish a task.
In particular, this case study examines in detail the security mechanism of the
Provincial Capitol of Davao del Sur. Following the quantitative research route, a survey
questionnaire was conducted to determine the access control practices of the organization.
Interviews were conducted personally in the respondents' actual working setting. The
template contains 10 questions per topic including Access Control, Application Security,
There are 11 participants in the organization who were given a survey questionnaire to answer.
Access controls are categorized based on the type of implementation into the following three
groups:
1. Logical/technical access control - Logical and technical access controls are hardware
logical or technical access control lists include encryption, smart cards, passwords,
2. Physical access control - Physical access controls are physical barriers deployed to
prevent direct contact with systems or areas within a facility. Examples of physical access
control include guards, fences, motion detectors, locked doors, sealed windows, lights,
cable protection, laptop locks, swipe cards, guard dogs, video cameras, mantraps, and
alarms.
guideline. User training and awareness also fall into this category.
The demand for access control security systems in the organization area and nationally is
at an all-time high partly due to advanced technology and the response to increased security and
safety threats. At other organization, we believe in creating safe environments by applying the
latest technology in our access control systems. Here’s a closer look at why access control could