PSUB IT Department

Organizational Chart

Joshua P. Abinal
BSIT 3A
 IT Department of PSUB
Organizational Chart

Joshua Abinal
CIO/IT Department Head

Kenneth Totoy Albert Althea

Hanz Reyes Relatores Kaye Romero Eric Flordeliz Mortega Ramos
IT Specialist Chief Executive LAN Administrator Bergado WAN Administrator Remote Access
Network Manager Director of
Officer Domain Manager Software Dev

Benedict Relles Johan Abinal Ben Tennison Ramon Cruz Rene Nazareth Christian Lee John Edwards
Technical Enterprise Cloud Networking Network Cloud Engineer Cyber Security App Developer
Support Architect Support Engineer

Mary Dickson Michelle Rose Russel West Maria Tandaan

Juan Odinson Skusta Clee Sherwin Paja
System Network Information Software
IT Support ICT Assistant Cloud Architect
Engineer Engineer Security Engineer
 User Domain

Roles & Tasks

Hanz Reyes
IT Specialist
To assist faculty and staff with professional technology-based
computer hardware and software inquiries.
Benedict Relles
Juan Odinson
Technical
IT Support
Support

Risk
• User can destroy data in application(intentionally or
not) and delete all
• User can find that his girlfriend cheated on him and
use her password to delete all of her work so that she
would be fired.
• User can insert infected CD or USB flash drive into
the work computer
Mitigation
To mitigate threats and risks in this domain, the IT
department must establish and implement strong
security controls and policies including robust password
policies, 2FA (Two-Factor Authentication), acceptable
use policy (AUP), access privilege management, conduct
employee training and awareness program about
cybersecurity threats.
 Workstation Domain

Kenneth Roles & Tasks

Relatores To manage the school’s hardware and software.
Chief Executive
Officer Provide preventive and corrective maintenance to equipment.
Johan Abinal Mary Dickson
Enterprise System
Architect Engineer

Risk Mitigation
The IT department should harden all computers that are
• The workstation’s OS can have a known software
used by its employees, and adopt the Defense in depth
vulnerability that allows a hacker to connect remotely
strategy. Hardening is a process whereby a computer is
and steal data.
made more resistant to cyber intrusion from malicious
• A workstation’s browser can have a software
attack. This should be made by implementing strong
vulnerability which allows unsigned scripts to silently
controls through software revisions, security patches,
install malicious software.
system configuration, and the use of anti-virus, anti-
• A workstation’s hard drive can fail causing lost data
malware, and workstation login ID/passwords.
 LAN Domain

Roles & Tasks

Kaye Romero
LAN Administrator
To configure, install, and maintain the network hardware and
software of the school.
Ben Tennison
Skusta Clee
Cloud Networking
ICT Assistant
Support

Risk Mitigation
Segmentation is a good practice where the network is
divided for different users (employees vs visitors). This
• A worm can spread through the LAN and infect all
will ensure that when outsiders connect with the
computers in it.
network do not infect the network with malware. In
• LAN server OS can have a known software
addition, the firewall should have egress filtering to limit
vulnerability.
users’ access to the Internet. The IT also needs to apply
• An unauthorized user can access the organization’s
Network Security Protocols to encrypt communication,
workstations in a LAN
and ensure data transported through network's
connections stays safe and secure.
 LAN-to-WAN Domain

Totoy Roles & Tasks

Bergado To ensure integrity of the network by continually updating
Network Manager
network system security to provide for latest protection against
Ramon Cruz Michelle Rose
Network Network viruses and other types of network vulnerabilities.
Engineer Engineer

Risk
• A hacker can penetrate your IT infrastructure
and gain access to your internal network.
• Weak ingress/egress traffic filtering can degrade
performance.
• A firewall with unnecessary ports open can allow
access from the Internet
Mitigation
In this complex domain, important security controls need to be applied. All security
appliances in this domain must be configured to comply with policy definitions
including the following: (1) IP routers which transport IP packets to and from the
internet need to be logically configured, and establishing access control list to filter
traffic (Permit or deny traffic); (2) Firewall to filter traffic; (3) Demilitarized zone
(LAN segment), which serves as a buffer zone for inbound and outbound traffic; (4)
Intrusion detection system examines traffic to identify attack and malicious intent
and triggers an alarm once detects a threat; (5) Proxy server, which serves as a
middleman where data is analyzed and screened before they relayed to the IT
infrastructure; (6) Web content filter, which filters domain names and prevent
unauthorized traffic from entering the IT infrastructure; (7) Email content filter,
which blocks the content of all emails until properly screened for viruses, then allow
clear emails pass to users.
 WAN Domain

Roles & Tasks

Eric Flordeliz
WAN Administrator To ensure integrity of the network by continually updating
network system security to provide for latest protection against
Rene Nazareth Sherwin Paja viruses and other types of network vulnerabilities.
Cloud Engineer Cloud Architect

Risk Mitigation
In this domain, propping the LAN-to-WAN will
• Service provider can have a major network outage.
mitigate any risk comes from WAN. Using firewalls as
• Server can receive a DOS or DDOS attack.
mentioned before as well as conducting constant
• A FTP server can allow anonymously uploaded
penetration tests are very important to ensure that the
illegal software
domain is secured.
 Remote Access Domain

Albert Roles & Tasks

Mortega
Remote Access Coordinate and supervise the installation, maintenance, and
Domain Manager support of existing and new servers, systems and networks.
Russel West
Christian Lee
Information
Cyber Security
Security

Risk
• Communication circuit outage can deny connection.
• Remote communication from office can be
unsecured.
• VPN tunneling between remote computer and
ingress/egress router can be hacked
Mitigation
A virtual private network (VPN) is used to provide a secure
remote access connection across the Internet. VPN uses
encryption and authentication to ensure confidentiality,
integrity, and privacy of communications through the network.
VPN creates an encrypted communications tunnel over a
public network such at the Internet. It is important that users
are authenticated before accessing the network through 2FA
(Two-Factor Authentication). Robust procedures need to be
created for remote access such as conducting regular audits,
monitoring logins attempts, and using strict firewall ACLs.
 System and Application Domain

Althea Roles & Tasks

Ramos
Director of To keep an inventory of equipment, computers, software
Software Dev licenses, and others.
Maria Tandaan
John Edwards
Software To create and maintain a system for backing up data and
App Developer
Engineer program files.

Risk Mitigation
It is important to maintain these systems and software
by regularly patching them, and installing
• A fire can destroy primary data antimalware/antivirus software to stop infections
• A DOS attack can cripple the organization’s email downloaded through email or from a compromised
• A database server can be attacked by SQL injection, website. Finally, user training and awareness are
corrupting the data essential to ensure that they recognize phishing and
social engineering schemes to prevent hackers from
penetrating the network through them.