Kaway-Aralan (Flexible Learning Delivery) : School of Information and Knowledge Management

SCHOOL OF INFORMATION AND KNOWLEDGE Introduction to ICT Education:
MANAGEMENT ICT Professional Code of Ethics
COURSE CODE COURSE TITLE NAME OF FACULTY

Introduction to ICT Education: ICT Prof. Erwin R. Callo &
S-TLE05
Professional Code of Ethics Prof. Marivilla Lydia B. Aggarao
PNU Flexible Learning Delivery: KAWAY-ARALAN sa BAGONG KADAWYAN

The Philippine Normal University welcomes you to academic year 2020-2021.
We have entered a new age in education. The COVID-19 pandemic hastened Education 4.0.
Teaching has been altered re-shaping our educational landscape. Amidst these changes, it is
imperative that as the National Center for Teacher Education, we become active participants in
molding the new normal.
In navigating the new terrain in education, indigenous concepts and ideas could be utilized to
appropriate concepts and cushion the impact of change as we embrace the challenges. In doing
so, a working concept where foreign influences and local peculiarities could be integrated is
welcomed. Thus, we wish to call this new era in terms of our local concept, Bagong Kadawyan1
(our translation of New Normal).
Given the challenges and opportunities at hand, the new era in education is open for anyone
who actively shape and define its parameters and dynamics. PNU shall continue to provide the
leadership in this Bagong Kadawyan in Philippine Education knowing that “the future belongs to
those who have the vision to see it.”
Kaway-Aralan (Flexible Learning Delivery)

The nomenclature is derived from the Filipino words for bamboo (kawayan) and a place for
studying (aralan). The bamboo sways/waves (kaway) which characterizes flexibility and like the
bamboo’s resilience, Philippine education’s approach to the imminent new habits should take
inspiration from the modest bamboo. As narrated by PNU’s notable alumnus, I.V. Mallari, in the
literature classic, Pliant like the bamboo: “Verily, the Filipino is like the bamboo tree. In its grace,
in its ability to adjust itself to the peculiar and inexplicable whims of fate, the bamboo tree is his
expressive and symbolic national tree.” By branding our learning delivery as Kaway-Aralan, we
tap the imagination of educators to explore appropriate pedagogies. Kaway-Aralan provides a
platform to contextualize and localize teaching theories, approaches, and strategies.
THIS TOOL KIT IS FOR PNU USE ONLY

(TERM 1, SY 2020-2021)
TERM 1 AY 2022-2023
NO PART OF THIS MATERIAL MAY BE REPRODUCED
1
kadawyan (f. dawi). n. custom; habit; usage, a. regular, normal (234); normal: adj. kadawyan (707) from
Carlo R. Galvez Rubino, Ilocano: Ilocano-English, English-Ilocano: Dictionary and Phrasebook. (New York:
Hippocrene Books, 1998/2005).
[1]
FLEXIBLE COURSE PLAN
PNU shall become internationally recognized and nationally responsive

teacher education university. As the established producer of knowledge
PNU Vision-
workers in the field of education, it shall be the primary source of high-quality
Mission
teachers and education managers that can directly inspire and shape the
quality of Filipino students and graduates in the country and the world.
As the National Center for Teacher Education, the Philippine Normal
University commits to provide leadership in teacher education and nurture
innovative teachers and education leaders imbued with values of truth,
PNU Quality Policy excellence, and service. We commit to the continual growth of the University
through compliance with international Quality Standards and statutory and
regulatory requirements. We shall achieve this through our core functions of
instruction, research, extension, and production.
The College of Teacher Development promotes the University’s mission of
nurturing innovative teachers and educational leaders. It is committed to:
1. Providing the best teacher preparation and development training to
produce teachers who are strong in content, grounded in the discipline
and possess the technological and pedagogical knowledge to
effectively teach and lead in the on-going educational reforms at all
levels of education;
2. Promoting quality instruction by ensuring a strong philosophical and
conceptual foundations for the teacher education curriculum programs
CTD to develop graduates with the following qualities: humane and ethical
Undergraduate educated person, reflective and responsive specialist, critical and
Goals creative technology expert and transformative educator;
3. Advancing research in education by providing opportunities to students
and faculty members of the College to conduct research to produce
and construct knowledge about teaching- learning, reflect and make
meaningful connections between theory and practice, solve problems
and locate opportunities for strategic actions; and
4. Promoting a culture of sharing by extending scholarship and expertise
to other educational institutions and agencies and establishing
partnerships with communities and organizations involved in
education.

This is focused on the general competencies in the different sub-areas of
home economics; food and nutrition, food service, arts and crafts, interior
Course
design, and consumer education. It highlights the Filipino consumers, its
Description
contribution to economic development and sustainability. Surveys on different
consumer life practices are expected to produce in this course.
Program
Specialization  Apply technology and evidence-based practices critical to educational and
Outcomes learning processes
 Demonstrate broad, meaningful and coherent knowledge and skills in the
field of technical and vocational education
 Reflect on the relationships among the teaching process skills, the learning
processing skills, nature of the content/subject matter and other factor
affecting education processes to constantly improve teaching knowledge,
skills and practices
 Promote technological advancement in the profession by seeking sense of
and getting involved in the discourse that impact in the profession
 Demonstrate high level literacy communication, numeracy, critical thinking,
learning skills needed for higher learning
[1]
Course
Description
This course is designed to help students understand the range of impacts

computing has now and can have when used by businesses, public agencies, and
individuals.
Discuss the social and moral issues related to computing, such as piracy, privacy,
and intellectual property, and how the codes of behavior for computing
professionals can be applied to the different activities they may encounter.
Multifaceted approaches to understanding current legal and moral issues on
computing are presented in case studies.
Program
Specialization
Outcomes Exhibit competence and skills in applying technology pedagogical innovations in
educating the academic community towards Information Communication
Technology.
Innovative and critical in handling technology and applying it to enhance learning

among learners
COURSE CONTENT
Instructional Delivery
Content Design
Session Course Learning (preferably with
Flexible Assessment
No./Duration Outcomes focusing/essential Face-to-Face
Learning
questions) Activities
Activities
Familiarize oneself Orientation on
with the University Course Content, Discussion Memorize the
Vision-Mission- Policies, Objectives and Recitation Vision- Oral
Goals-Objectives; and Requirements Mission-and Recitation
Course Policies, Assignment of PNU Quality
Requirements, computer stations Policy
1
Content; and discussion of
Laboratory rules laboratory
guidelines
What is Computer
Ethics?
Draw the Rubric for
Define computer  Computer Ethics Discussion ethical Infographic
ethics definition. framework
 What is the for making
Draw the framework for ethical
framework for making ethical decision
2-5 making ethical decisions? using
decisions  The framework infographics.
for making
ethical decision
[1]
Identify the What are the Discussion Cite an Presentation

Computer Crime different examples example of Rubric
6-10 of Computer computer
Discuss the Social crimes? crimes.
and ethical Discuss the
Ramifications of Computer Crimes roles of
Computer Use computer,
tools in
Understand the Professional committing
Professional Responsibility of the crime
Responsibility using computers using a
digital
Describe the Meta Meta ethics of presentation.
11-15 ethics of Computer computer ethics
Ethics
Describe the What are the Scavenger

characteristic of characteristics of Classroom Scavenger hunt rubric
Obscene an obscene presentation hunt and
material? Digital
Explain the presentation
16-20
creation of Obscene Material
obscene and its
characteristics
Discuss the What is the

importance of importance of Classroom Data Privacy Recitation/
Privacy privacy? presentation/ Written
Demonstration Exam
Explain why the Data Privacy
importance of
encryption Data Privacy act
21-22
Digital Citizenship
How to apply data

encryption?
Data encryption
Discussion Cite Sample
Discuss Intellectual Intellectual case/s where Web Quest
Property Rights Property Rights IP rights Printed
applied for Output
23 Intellectual computer
Property Rights products.
applying to
computer software
and fair use.
Apply Protection Cybersecurity Discussion Create a blog Rubric for

on your online Cyber hacking related to blogging.
24 presence Cybersecurit
y and Cyber
hacking
Course  http://library.thinkquest.org/26658/cgi-bin/2-1.cgi
References  http://www.science.uva.nl/~seop/entries/ethics-computer/
 http://www.crews.org/curriculum/ex/compsci/articles/ethics.htm
 http://en.wikipedia.org/wiki/Ten_Commandments_of_Computer_Ethics
[1]
 http://ethics.csc.ncsu.edu/
Performance Course Performance Indicator Evidence of Performance Performance

Indicator and Standard
Evidence of The student will be able to define Case study focusing on the
Performance computer ethics and become aware of the computer ethics that will
treat, security risks and proper ethics in mitigate the threat ,security Case
the use of the computer and Internet risks applying computer study
ethics. rubrics/
exams/
activity
output.
Course
Requirements  PNU-LMS registration for FLA activities
 Internet connection
 Desktop/Laptop computer.
 Multimedia Player
Course
Policies 1. Attendance is required and expected for Face to Face sessions.
2. Students are encouraged to actively participate during Online Forum.
3. Students are obliged to observe proper online decorum and courtesy all the time.
4. Students must submit all the needed assignments, research works, projects and
requirement at the prescribed time given by the professor.
5. Students should inform the professor in advance if he/she will not make it during the
examination/oral presentations for rescheduling purposes.
6. Online participation is essential to your satisfactory completion of this course.
Viewing weekly materials, presentations, and e-readings as well as participating in
online activities such as quizzes, forum posts, and discussions is required.
7. Response time should be within 24 hours for any post made by the professor which
requires replies/answers/reactions.
8. Plagiarism/cheating, if proven, will mean a final grade of 70 for the subject.
9. It is suggested that students visit PNU LMS every day for any updates and response
accordingly within 24 hours.
[1]
Week 1: CODE OF ETHICS

SUB-TOPIC: FUNDAMENTAL OF CODE OF ETHICS
LEARNING OUTCOME:
1. Describe the computer ethics
2. Discuss the framework for making ethical decisions
CONTENT
Ethics is the field of study that is concerned with questions of value, i.e., judgments
about what human behavior is "good" or "bad" in any given situation. Ethics are the standards,
values, morals, principles, etc., which are used to base one's decisions or actions on; often
there is
no clear "right" or "wrong" answer.
there is
no clear "right" or "wrong" answer.
there is no clear "right" or "wrong" answer.
Code of ethics
 Is a guide of principles designed to help professionals conduct organization or institution
honestly and with integrity.
 It is an outline the mission and values of the organization or institution, how
professionals are supposed to approach problems, the ethical principles based on the
organization's core values, and the standards to which the professional is held.
 It refers to as an "ethical code," may encompass areas such as organizational ethics, a
code of professional practice and an employee code of conduct.
There are three major areas which come under the umbrella of computer ethics:
a. Intellectual property
b. Internet Etiquette or “netiquette”
c. Day-to-day Ethics
a. Intellectual Property
Intellectual property refers to creations of the intellect: inventions, literary and artistic
works, symbols, names, images, and designs used in commerce are part of it. It is usually
divided into two branches, namely industrial property which broadly speaking protects
inventions and copyright, which protects literary and artistic works.
Categories of Intellectual property

a. Industrial property, which includes inventions (patents), trademarks, industrial designs,
commercial names, designations and geographic indications (location specific brands)
etc.
b. Copyright, which includes literary and artistic works such as novels, poems and plays,
films, musical works, artistic works such as drawings, paintings, photographs,
sculptures, and architectural designs.
b. Internet etiquette or “netiquette”

Internet etiquette or “netiquette” is the code of acceptable behaviors users should
follow while on the Internet. It is the conduct expected of individuals while online. It includes
rules for all aspects of the Internet including the World Wide Web, e-mail, instant
messaging, chat rooms, FTP, and newsgroups and message boards.
Here are some of the rules of netiquette:

1. Real people exist behind the computers
[1]
 You are dealing with people, not machines. So think twice before you click on Send
button in the mail/chat window
 You are not the only one using the network
 Keep these other people in mind when you say something on a network.
2. Protect your privacy
 Just as you would in the real world, be aware of risks, fraud and false information
which exist on the Internet. Use common sense when deciding whether
information is valid. Don’t trusts or spread further any information about which you
are in doubt. Always try to obtain reliable information.
 Protect your personal information to keep someone from using it in an unethical way.
(For example, when you enter a prize contest, your name, address, and phone
number may be given to a dealer of personal information.)
3. Avoid Spamming
 Spamming is sending unsolicited bulk and/or commercial messages over the
Internet.
 Spamming is morally bad if it is intended to destroy and done by infringing on the
right of privacy of others.
 It could be good if the message sent benefits the recipients, like giving out warnings
or useful information to others.
4. Help make the network better
 The existence of the information society is based on give and take. Making a
contribution is an essential part of being a good network user. For example, if you
make a request and find the information you receive helpful, write a summary and
report what you learned, publish it on the Net or give links to others.
 For detailed information, you can refer to a book entitled “Netiquette” by Virginia
Shea. An excerpt from this book called The Core Rules of Netiquette is available
online. [http://www.albion.com/netiquette/]
c. Day-to-day ethics
All of us might have known these ethics already, because these are just modified
forms of ethics told to us by our grandparents/parents, like don’t open letters of others, don’t
copy the home-work from others, don’t listen to any conversation secretly etc.
Issues in Code of Ethics

Common issues that fall under the umbrella of organization ethics include
a. employer-employee relations,
b. discrimination,
c. environmental issues,
d. bribery and insider trading, and
e. social responsibility.
The Ten Commandments in ICT Code of Ethics

"In Pursuit of a 'Ten Commandments' for Computer Ethics" by Ramon C. Barquin as a
means to create "a set of standards to guide and instruct people in the ethical use of
computers."
1. Do not use a computer in ways that may harm other people

 It includes harming or corrupting other users' data or files. The commandment states
that it is wrong to use a computer to steal someone's personal information.
Manipulating or destroying files of other users is ethically wrong. It is unethical to
write programs, which on execution lead to stealing, copying or gaining unauthorized
access to other users' data. Being involved in practices like hacking, spamming,
phishing or cyber bullying does not conform to computer ethics.
2. Do not use computer technology to cause interference in other users' work.

 Viruses, for example, are programs meant to harm useful computer programs or
interfere with the normal functioning of a computer. Malicious software can disrupt
the functioning of computers in more ways than one. It may overload computer
memory through excessive consumption of computer resources, thus slowing its
functioning. It may cause a computer to function wrongly or even stop working. Using
malicious software to attack a computer is unethical.
[1]
3. Do not spy on another person's computer data.

 We know it is wrong to read someone's personal letters. On the same lines, it is
wrong to read someone else's email messages or files. Obtaining data from another
person's private files is nothing less than breaking into someone's room. Snooping
around in another person's files or reading someone else's personal messages is the
invasion of his privacy.
4. Do not use computer technology to steal information.

 Stealing sensitive information or leaking confidential information is as good as
robbery. It is wrong to acquire personal information of employees from an employee
database or patient history from a hospital database or other such information that is
meant to be confidential. Similarly, breaking into a bank account to collect
information about the account or account holder is wrong. Illegal electronic transfer
of funds is a type of fraud.
5. Do not contribute to the spread of misinformation using computer technology.

 Spread of information has become viral today, because of the Internet. This also
means that false news or rumors can spread speedily through social networking sites
or emails. Mails from untrusted sources advertising certain products or spreading
some hard-to-believe information, are not uncommon. Direct or indirect involvement
in the circulation of false information is ethically wrong.
6. Refrain from copying software or buying pirated copies. Pay for software unless it is
free.
 Like any other artistic or literary work, software is copyrighted. A piece of code is the
original work of the individual who created it. It is copyrighted in his name. In case of
a developer writing software for the organization he works for, the organization holds
the copyright for it. Copyright holds true unless its creators announce it is not.
Obtaining illegal copies of copyrighted software is unethical.
7. Do not use someone else's computer resources unless authorized to.

 Breaking into some other user's password, thus intruding his private space is
unethical. It is not ethical to hack passwords for gaining unauthorized access to a
password-protected computer system. Accessing data that you are not authorized to
access or gaining access to another user's computer without his permission is not
ethical.
8. It is wrong to claim ownership on a work which is the output of someone else's

intellect.
 Programs developed by a software developer are his/her property. If he is working
with an organization, they are the organization's property. Copying them and
propagating them in one's own name is unethical. This applies to any creative work,
program or design. Establishing ownership on a work which is not yours is ethically
wrong.
9. Before developing a software, think about the social impact it can have.
 When working on animation films or designing video games, for example, it is the
programmer's responsibility to understand his target audience/users and the effect it
may have on them. For example, a computer game for kids should not have content
that can influence them negatively. Similarly, writing malicious software is ethically
wrong. A software developer/development firm should consider the influence their
code can have on the society at large.
10. In using computers for communication, be respectful and courteous with the fellow
members.
 The communication etiquette we follow in the real world applies to communication
over computers as well. While communicating over the Internet, one should treat
others with respect. One should not intrude others' private space, use abusive
language, make false statements or pass irresponsible remarks about others. One
should be courteous while communicating over the web and should respect others'
time and resources. Also, one should be considerate with a novice computer user.
[1]
Activities:
1. Draw the ethical framework for making ethical decision using infographics
References:
 http://en.wikipedia.org/wiki/Ten_Commandments_of_Computer_Ethics
Week 2 and 3: CODE OF ETHICS

SUB-TOPIC: SOCIAL AND ETHICAL ISSUES IN TECHNOLOGY
LEARNING OUTCOME:
1. Analyze the social and ethical issues in Technology
CONTENT
Digital Divide
The digital divide is the lack of access to information and communication technologies by
segments of the community. Below are the following:
a. Gender
 Boys and girls differ in terms of their use of computer.
b. Socioeconomic
 Many people living in poverty do not get the same technological resources as others,
leaving them farther behind in the digital divide.
 A lot of technology is expensive and people living in poverty cannot afford to buy them,
as they are necessity.
c. Race
 Disadvantaged minority groups fall behind in informational technology skills because of
limited access due to their socioeconomic standings.
d. Recourse Equity
 Having equal access to technology.
 Equal access is important to help bridge the gap in the digital divide
Ethical Issues for Safety and Security

1. Social Networking
 A broad class of websites and services that allow you to connect with others online as
well as meet people with similar interests or hobbies.
2. Acceptable Use Policies
 This is a policy set up by the network administrator or other school leaders that are set to
agree with their technology needs and safety concerns
3. Netiquette
 Refer to the online code of what is appropriate and in good taste for internet users
 From the words “net (from internet) and “etiquette”
 Poor choices online lead to bad consequences
4. Cyber Bullying
 Bullying which is carried out through a social networking site, but can also include
through other technologies such as text messaging.
 Different from regular bullying: more invasive, wider audience, can be done at anytime,
anyplace.
 One of the faster growing bullying trends among teens today.
5. Student Data
 New computer technologies for gathering, storing, manipulating, and communicating
data are revolutionizing the use and spread of information.
[1]
 Students have the right to control use of information that is related to themselves.
6. Internet Privacy
 Every move made online is being tracked.
 IP addresses can trace location.
 Be aware of what private information you make available online.
 Protect passwords and do not leave confidential information up for others to see.
ACTIVITIES
Ref: Keirl, S. (2017). Social and Ethical Issues in Technology Education: Section Introduction. In:
de Vries, M. (eds) Handbook of Technology Education. Springer International Handbooks of
Education. Springer, Cham. https://doi.org/10.1007/978-3-319-38889-2_74-1
Week 4 and 5: COMPUTER CRIMES

SUB-TOPIC: DIFFERENT TYPES OF CYBERCRIMES
LEARNING OUTCOME:
1. Describe the different types of cybercrime
2. Apply the protection against cybercrime
CONTENT
Computer Crime also known as Cybercrime is criminal activity that either targets or uses
a computer, a computer network or a networked device.
16 Cybercrimes covered under Cybercrime Prevention Act – Republic Act 10175
1. Illegal access
 Unauthorized access (without right) to a computer system or application.
2. Illegal interception
 Unauthorized interception of any non-public transmission of computer data to, from, or
within a computer system.
3. Data Interference
 Unauthorized alteration, damaging, deletion or deterioration of computer data, electronic
document, or electronic data message, and including the introduction or transmission of
viruses. Authorized action can also be covered by this provision if the action of the
person went beyond agreed scope resulting to damages stated in this provision.
4. System Interference
 Unauthorized hindering or interference with the functioning of a computer or computer
network by inputting, transmitting, damaging, deleting, deteriorating, altering or
suppressing computer data or program, electronic document, or electronic data
messages, and including the introduction or transmission of viruses. Authorized action
can also be covered by this provision if the action of the person went beyond agreed
scope resulting to damages stated in this provision.
5. Misuse of devices
 The unauthorized use, possession, production, sale, procurement, importation,
distribution, or otherwise making available, of devices, computer program designed or
adapted for the purpose of committing any of the offenses stated in Republic Act
10175.Unauthorized use of computer password, access code, or similar data by which
the whole or any part of a computer system is capable of being accessed with intent that
it be used for the purpose of committing any of the offenses under Republic Act 10175.
6. Cyber-squatting
 Acquisition of domain name over the Internet in bad faith to profit, mislead, destroy
reputation, and deprive others from the registering the same. This includes those
[1]
existing trademark at the time of registration; names of persons other than the registrant;
and acquired with intellectual property interests in it. Those who get domain names of
prominent brands and individuals which in turn is used to damage their reputation – can
be sued under this provision. Note that freedom of expression and infringement on
trademarks or names of person are usually treated separately. A party can exercise
freedom of expression without necessarily violating the trademarks of a brand or names
of persons.
7. Computer-related Forgery
 Unauthorized input, alteration, or deletion of computer data resulting to inauthentic data
with the intent that it be considered or acted upon for legal purposes as if it were
authentic, regardless whether or not the data is directly readable and intelligible; or The
act of knowingly using computer data which is the product of computer-related forgery as
defined here, for the purpose of perpetuating a fraudulent or dishonest design.
8. Computer-related Fraud
 Unauthorized input, alteration, or deletion of computer data or program or interference in
the functioning of a computer system, causing damage thereby with fraudulent intent.
9. Computer-related Identity Theft
 Unauthorized acquisition, use, misuse, transfer, possession, alteration or deletion of
identifying information belonging to another, whether natural or juridical.
10. Cybersex
 Willful engagement, maintenance, control, or operation, directly or indirectly, of any
lascivious exhibition of sexual organs or sexual activity, with the aid of a computer
system, for favor or consideration. There is a discussion on this matter if it involves
“couples” or “people in relationship” who engage in cybersex. For as long it is not done
for favor or consideration, I don’t think it will be covered. However, if one party (in a
couple or relationship) sues claiming to be forced to do cybersex, then it can be covered.
11. Child Pornography
 Unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-
Child Pornography Act of 2009, committed through a computer system.
12. Libel
 Unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code,
as amended committed through a computer system or any other similar means which
may be devised in the future. Revised Penal Code Art. 355 states Libel means by
writings or similar means. — A libel committed by means of writing, printing, lithography,
engraving, radio, phonograph, painting, theatrical exhibition, cinematographic exhibition,
or any similar means, shall be punished by prison correctional in its minimum and
medium periods or a fine ranging from 200 to 6,000 pesos, or both, in addition to the civil
action which may be brought by the offended party. The Cybercrime Prevention Act
strengthened libel in terms of penalty provisions. The electronic counterpart of libel has
been recognized since the year 2000 when the E-Commerce Law was passed. The E-
Commerce Law empowered all existing laws to recognize its electronic counterpart
whether commercial or not in nature.
13. Aiding or Abetting in the commission of cybercrime
 Any person who willfully abets or aids in the commission of any of the offenses
enumerated in this Act shall be held liable.
14. Attempt in the commission of cybercrime
 Any person who willfully attempts to commit any of the offenses enumerated in this Act
shall be held liable.
15. All crimes defined and penalized by the Revised Penal Code, as amended, and special
laws, if committed by, through and with the use of information and communications
technologies shall be covered by the relevant provisions of this Act.
16. Corporate Liability. (Section 9)
 When any of the punishable acts herein defined are knowingly committed on behalf of or
for the benefit of a juridical person, by a natural person acting either individually or as
part of an organ of the juridical person, who has a leading position within, based on:(a) a
power of representation of the juridical person provided the act committed falls within the
scope of such authority;(b) an authority to take decisions on behalf of the juridical
person. Provided, That the act committed falls within the scope of such authority; or(c)
[1]
an authority to exercise control within the juridical person, It also includes commission of
any of the punishable acts made possible due to the lack of supervision or control.
Cybercrime New Authorities

(a) Office of Cybercrime within the DOJ designated as the central authority in all matters
relating to international mutual assistance and extradition. (section 23)
(b) Cybercrime Investigation and Coordinating Center (CICC) an inter-agency body to be
created under the administrative supervision of the Office of the President, for policy
coordination among concerned agencies and for the formulation and enforcement of the
national cybersecurity plan. (section 24)
How to protect yourself against cybercrime

1. Keep software and operating system updated
 Keeping your software and operating system up to date ensures that you benefit from
the latest security patches to protect your computer.
2. Use anti-virus software and keep it updated
 Using anti-virus or a comprehensive internet security solution. It is a smart way to protect
your system from attacks.
 Anti-virus software allows you to scan, detect and remove threats before they become a
problem. Having this protection in place helps to protect your computer and your data
from cybercrime, giving you piece of mind.
 If you use anti-virus software, make sure you keep it updated to get the best level of
protection.
3. Use strong passwords
 Be sure to use strong passwords that people will not guess and do not record them
anywhere. Or use a reputable password manager to generate strong passwords
randomly to make this easier.
 Never open attachments in spam emails
 A classic way that computers get infected by malware attacks and other forms of
cybercrime is via email attachments in spam emails. Never open an attachment from a
sender you do not know.
4. Do not click on links in spam emails or untrusted websites
 Another way people become victims of cybercrime is by clicking on links in spam emails
or other messages, or unfamiliar websites. Avoid doing this to stay safe online.
5. Do not give out personal information unless secure
 Never give out personal data over the phone or via email unless you are completely sure
the line or email is secure. Make certain that you are speaking to the person you think
you are.
6. Contact companies directly about suspicious requests
 If you get asked for data from a company who has called you, hang up. Call them back
using the number on their official website to ensure you are speaking to them and not a
cybercriminal.
 Ideally, use a different phone because cybercriminals can hold the line open. When you
think you’ve re-dialed, they can pretend to be from the bank or other organization that
you think you’re speaking to.
7. Be mindful of which website URLs you visit
 Keep an eye on the URLs you are clicking on. Do they look legitimate? Avoid clicking on
links with unfamiliar or spammy looking URLs.
8. Keep an eye on your bank statements
 Keep an eye on your bank statements and query any unfamiliar transactions with the
bank. The bank can investigate whether they are fraudulent.
ACTIVITIES
1. Cite five (5) an example of computer crimes. Discuss the roles of computer, tools in
committing the crime using a digital presentation
[1]

SUB-TOPIC: PROFESSIONAL RESPONSIBILITY USING COMPUTER
LEARNING OUTCOME:
1. Discuss the professional responsibility using computer in the workplace
2. Perform the professional responsibility using computer
CONTENT
Professional responsibility is the area of legal practice that encompasses the duties

to act in a professional manner, obey the law, avoid conflicts of interest, and put the interests
of clients ahead of their own interests
PROFESSIONAL RESPONSIBILITY USING COMPUTER

A computing professional should...
1. Strive to achieve high quality in both the processes and products of professional
work.
 Computing professionals should insist on and support high quality work from themselves
and from colleagues. The dignity of employers, employees, colleagues, clients, users,
and anyone else affected either directly or indirectly by the work should be respected
throughout the process. Computing professionals should respect the right of those
involved to transparent communication about the project. Professionals should be
cognizant of any serious negative consequences affecting any stakeholder that may
result from poor quality work and should resist inducements to neglect this responsibility.
2. Maintain high standards of professional competence, conduct, and ethical practice.

 High quality computing depends on individuals and teams who take personal and group
responsibility for acquiring and maintaining professional competence. Professional
competence starts with technical knowledge and with awareness of the social context in
which their work may be deployed. Professional competence also requires skill in
communication, in reflective analysis, and in recognizing and navigating ethical
challenges. Upgrading skills should be an ongoing process and might include
independent study, attending conferences or seminars, and other informal or formal
education. Professional organizations and employers should encourage and facilitate
these activities.
3. Know and respect existing rules pertaining to professional work.

 "Rules" here include local, regional, national, and international laws and regulations, as
well as any policies and procedures of the organizations to which the professional
[1]
belongs. Computing professionals must abide by these rules unless there is a

compelling ethical justification to do otherwise. Rules that are judged unethical should be
challenged. A rule may be unethical when it has an inadequate moral basis or causes
recognizable harm. A computing professional should consider challenging the rule
through existing channels before violating the rule. A computing professional who
decides to violate a rule because it is unethical, or for any other reason, must consider
potential consequences and accept responsibility for that action.
4. Accept and provide appropriate professional review.

 High quality professional work in computing depends on professional review at all
stages. Whenever appropriate, computing professionals should seek and utilize peer
and stakeholder review. Computing professionals should also provide constructive,
critical reviews of others' work.
5. Give comprehensive and thorough evaluations of computer systems and their

impacts, including analysis of possible risks.
 Computing professionals are in a position of trust, and therefore have a special
responsibility to provide objective, credible evaluations and testimony to employers,
employees, clients, users, and the public. Computing professionals should strive to be
perceptive, thorough, and objective when evaluating, recommending, and presenting
system descriptions and alternatives. Extraordinary care should be taken to identify and
mitigate potential risks in machine learning systems. A system for which future risks
cannot be reliably predicted requires frequent reassessment of risk as the system
evolves in use, or it should not be deployed. Any issues that might result in major risk
must be reported to appropriate parties.
6. Perform work only in areas of competence.

 A computing professional is responsible for evaluating potential work assignments. This
includes evaluating the work's feasibility and advisability, and making a judgment about
whether the work assignment is within the professional's areas of competence. If at any
time before or during the work assignment the professional identifies a lack of a
necessary expertise, they must disclose this to the employer or client. The client or
employer may decide to pursue the assignment with the professional after additional
time to acquire the necessary competencies, to pursue the assignment with someone
else who has the required expertise, or to forgo the assignment. A computing
professional's ethical judgment should be the final guide in deciding whether to work on
the assignment.
7. Foster public awareness and understanding of computing, related technologies, and

their consequences.
 As appropriate to the context and one's abilities, computing professionals should share
technical knowledge with the public, foster awareness of computing, and encourage
understanding of computing. These communications with the public should be clear,
respectful, and welcoming. Important issues include the impacts of computer systems,
their limitations, their vulnerabilities, and the opportunities that they present. Additionally,
a computing professional should respectfully address inaccurate or misleading
information related to computing.
8. Access computing and communication resources only when authorized or when

compelled by the public good.
 Individuals and organizations have the right to restrict access to their systems and data
so long as the restrictions are consistent with other principles in the Code.
Consequently, computing professionals should not access another's computer system,
software, or data without a reasonable belief that such an action would be authorized or
a compelling belief that it is consistent with the public good. A system being publicly
accessible is not sufficient grounds on its own to imply authorization. Under exceptional
circumstances a computing professional may use unauthorized access to disrupt or
inhibit the functioning of malicious systems; extraordinary precautions must be taken in
these instances to avoid harm to others.
9. Design and implement systems that are robustly and usably secure.
[1]
 Breaches of computer security cause harm. Robust security should be a primary

consideration when designing and implementing systems. Computing professionals
should perform due diligence to ensure the system functions as intended, and take
appropriate action to secure resources against accidental and intentional misuse,
modification, and denial of service. As threats can arise and change after a system is
deployed, computing professionals should integrate mitigation techniques and policies,
such as monitoring, patching, and vulnerability reporting. Computing professionals
should also take steps to ensure parties affected by data breaches are notified in a
timely and clear manner, providing appropriate guidance and remediation.
 To ensure the system achieves its intended purpose, security features should be
designed to be as intuitive and easy to use as possible. Computing professionals should
discourage security precautions that are too confusing, are situationally inappropriate, or
otherwise inhibit legitimate use.
 In cases where misuse or harm are predictable or unavoidable, the best option may be
to not implement the system.
ACTIVITIES:
1. Make a Public Service Announce (PSA)in a 2 minute video promoting the responsible
used of Computer

SUB-TOPIC: META ETHICS OF COMPUTER ETHICS
LEARNING OUTCOME:
1. Demonstrate understanding Meta ethics of Computer ethics
CONTENT
The term “meta” means after or beyond, and, consequently, the notion of meta ethics
involves a removed, or bird’s eye view of the entire project of ethics. Meta ethics define as the
study of the origin and meaning of ethical concepts. When compared to normative ethics and
applied ethics, the field of meta ethics is the least precisely defined area of moral philosophy. It
covers issues from moral semantics to moral epistemology. Two issues, though, are prominent:
(1) metaphysical issues concerning whether morality exists independently of humans, and
(2) psychological issues concerning the underlying mental basis of our moral judgments and
conduct.
Metaethical positions may be divided according to how they respond to questions such
as the following:
1. What exactly are people doing when they use moral words such as “good” and “right”?
2. What precisely is a moral value in the first place, and are such values similar to other
familiar sorts of entities, such as objects and properties?
3. Where do moral values come from—what is their source and foundation?
4. Are some things morally right or wrong for all people at all times, or does morality
instead vary from person to person, context to context, or culture to culture?
Metaethical positions respond to such questions by examining the semantics of moral

discourse, the ontology of moral properties, the significance of anthropological disagreement
about moral values and practices, the psychology of how morality affects us as embodied
human agents, and the epistemology of how we come to know moral values. The sections
below consider these different aspects of metaethics.
Three areas of Meta-ethics

1. Moral language essentially describes what people mean by describing something as
“wrong or “good”.
[1]
2. Moral psychology refers to metaethical examination of how people make moral

judgments and reasons and motivations for their behaviors.
3. Moral ontology, on the other hand, examines if the perceived moral properties are real
and existing, and whether morals are independent or causal. (Fisher, 2014.)
The Major Metaphysical Positions and their Resultant Ethics
The philosophies which were empirically evidenced in our research were the traditional
systematic philosophies of Idealism, Realism, Pragmatism, and Existentialism
1. Idealism:
The metaphysical position of the philosophy of Idealism is that reality is basically
spirit rather than matter. For the Idealist, the idea is more real than the thing, since the thing
only reflects or represents the idea. The world of spirit or idea is static and absolute.
Socrates and Plato are perhaps the best known ancient representatives of this view. While
Immanuel Kant and Thomas Hill Green are more modern Idealists.
Once the metaphysical view that reality is found in the idea is assumed, the ethical
position that goodness is to be found in the ideal (that is, in perfection) automatically follows.
Goodness is found on the immaterial level, that is, in the perfect concept, or notion, or idea,
of something. Thus, perfect goodness is never to be found in the material world. Evil, for the
Idealist, consists of the absence or distortion of the ideal. Since ideals can never change
(because they are a priori and absolute), moral imperatives concerning them do not admit of
exceptions. That is, these imperatives are stated in terms of "always" or "never." For
example: "Always tell the truth" or (put negatively) "Never tell a lie." Since truth is the
knowledge of ideal reality and a lie is a distortion of that reality, truth must always be told
and lying can never be justified.
2. Realism:
The person with a Realistic world view believes that reality is basically matter, rather
than spirit. For the Realist, the thing is more real than the idea. Whatever exists is therefore
primarily material, natural, and physical. As such, reality exists in some quantity and
therefore can be measured. It exists independently of any mind and is governed by the laws
of nature, primary among which are the laws of cause and effect. The universe, according to
the Realist, is one of natural design and order. Aristotle was an early representative of this
view. B.F. Skinner, the behavioral psychologist, is a more current representative.
The resultant ethical position that flows from a Realist metaphysics is one that views
the baseline of value as that which is natural (that is, that which is in conformity with nature).
Nature is good. One need not look beyond nature to some immaterial ideal for a standard of
right and wrong. Rather, goodness will be found by living in harmony with nature. Evil, for
the Realist, is a departure from this natural norm either in the direction of excess or defect
(i.e., having, or doing, too much or too little of something which is naturally good).
3. Pragmatism:
For the Pragmatist, metaphysics is not so simple a matter as it is for the Idealist and
Realist. Reality is neither an idea nor is it matter. It would be a mistake to view reality as
either a spiritual or physical "something." Rather, the Pragmatist believes that reality is a
process. It is a dynamic coming-to-be rather than a static fixed being. It is change,
happening, activity, interaction...in short, it is experience. Reality is more like a verb than a
noun. It is flux and flow where the concentration is not so much on the things as on the
relationship between the things. Since everything changes - indeed, the Pragmatist would
say that change is everything - nothing can have any permanent essence or identity. An
ancient Greek Pragmatist used to say in this regard: "You can't step in the same river twice."
For the Pragmatist, everything is essentially relative. The only constant is change. The only
absolute is that there are no absolutes! The Americans Charles Sanders Pierce, William
James, and John Dewey are representatives of this view.
The ethical result of the Pragmatic metaphysical position demands that value claims
must be tested and proven in practice. This is so because meaning is inherent in the
consequences of actions. In the Pragmatist's view, things are value-neutral in themselves.
There is nothing that is always good, nor is there anything that is always bad. The value of
anything is determined solely in terms of its usefulness in achieving some end. In answer to
the question, "Is that good?", a Pragmatist would probably reply, "Good for what?" Thus,
the Pragmatist believes that the end justifies the means. That is, if an act is useful for
[1]
achieving some laudable end or goal, then it becomes good. To state this another way, a
means gets its positive value from being an efficient route to the achievement of a laudable
end (a laudable end is one that brings about the greatest good for the greatest number of
people). Thus, a means is not valued for its own sake, but only in relation to its usefulness
for achieving some laudable end. Results or consequences are the ultimate measure of
goodness for a Pragmatist, since the usefulness of a means to an end can only be judged
after the fact by its effect on the end. Thus, for the Pragmatist, there can be no assurance
that something is good...until it is tried. Even then, it is only held tentatively as good since a
thing is good only as long as it continues to work. There can, however, be a dispute about
which means are more effective for achieving an end. Indeed, there can be a dispute about
which ends should, in fact, be pursued. Thus, the Pragmatist looks for guidance from the
group. The reasons for this are metaphysical: reality is experience, but it is the experience of
the whole. For the Pragmatist, the whole is greater than the sum of its parts. This means
that the whole is more valuable than any of its parts. In the field of value judgments, the
group's wisdom is more highly esteemed than the wisdom of any individual within the group.
4. Existentialism:
The Existentialist joins with the Pragmatist in rejecting the belief that reality is a priori
and fixed. But instead of believing that reality is a process whose meaning is defined
primarily by the controlling group, Existentialist metaphysics holds that reality must be
defined by each autonomous individual. The Existentialist notions of subjectivity and
phenomenological self-emphasize that the meaning or surdity of an otherwise "absurd"
universe is individually determined. Any meaning that gets into the world must be put in it by
the individual, and that meaning or value will hold only for that individual. Thus each
person's world, as well as each person's own identity, is the product of that person's own
choice. Thus, each person can be defined as the sum of that person's choices. A person's
world is what that person chooses it to be. Thus, reality is different for each individual. We
each live in our own world and we are who we choose to be. Soren Kierkegaard and Jean-
Paul Sartre are frequently associated with this view. Like the Existentialist position on reality,
its ethical position is that the individual must create his/her own value.
There is no escape from the necessity of creating values. Just as the world is defined
by the choices regarding reality that an individual makes, so the individual must express
her/his own preferences. In making choices, or defining values, the individual becomes
responsible for those choices. The individual cannot deflect praise or blame for those
choices onto others. If the choices were freely made, then responsibility for them must be
accepted. While groups might influence what choices an individual makes, there is a zone of
freedom within each individual that cannot be conditioned or predetermined. While
emphasizing a highly individualized choice of values, an Existentialist is not necessarily a
non-conformist, but if an Existentialist does conform to the values of a group it will be
because that person has freely chosen to do so -- not because they have been pressured to
do so by the group.
ACTIVITIES:
1. Make an Infographics illustrating Computer Ethic
[1]
Week 10 and 11: OBSCENE MATERIALS

SUB-TOPIC: OBSCENE MATERIALS AND ITS CHARACTERISTICS
LEARNING OUTCOME:
1. Describe the characteristics of obscene materials
2. Identify the obscene materials
CONTENT:
Obscenity refers to a narrow category of pornography that violates contemporary

community standards and has no serious literary, artistic, political or scientific value.
For adults at least, most pornography — material of a sexual nature that arouses many
readers and viewers — receives constitutional protection. However, there are two types of
pornography
1. obscenity and
2. child pornography
Sometimes, material is classified as “harmful to minors” (or obscene as to minors), even

though adults can have access to the same material.
Obscene Materials
It is illegal for an individual who knows the obscene character of the materials or
performance involved to:
 Display or permit the display of explicit sexual materials in windows, newsstands,
showcases, display racks, billboards, movie screens or similar places where they are
visible from public streets or any other public thoroughfares, or in a business, where the
public, including those under 18, can see them.
 Sell, lend, distribute, transmit, exhibit, give away or show obscene materials to someone
18 or older, or offer to do so.
 Write, print, publish, utter or cause to be written printed, published or uttered, how
obscene materials can be purchased or obtained.
 Design, copy, draw, photograph, print, utter, publish or manufacture any obscene
materials.
[1]
 Write, print, publish, utter or cause to be written, printed, published or uttered any
advertisement or notice of where, how and from whom obscene materials can be
purchased or obtained.
 Produce, present or direct any obscene performance or participate in a portion of one.
 Hire, employ, use or permit a minor to participate in displaying, creating or selling
obscene materials.
 Knowingly take or deliver obscene materials to any correctional facility, or permit them to
enter if you are an employee.
 Disseminate explicit sexual material as unsolicited ads via electronic communication,
such as over the Internet, without including “ADV-ADULT” at the beginning of the subject
line.
 Knowingly sell or loan explicit sexual materials to a minor.
 Knowingly sell an admission ticket to a minor for a movie or performance which includes
nudity, sexual conduct or sadomasochistic abuse and/or is harmful to minors, unless
they are accompanied by a parent.
Obscenity in the Internet Age

In the late 20th and early 21st century, differences between countries regarding legal
definitions and cultural conceptions of obscenity became increasingly important with the
development of the Internet, which enabled anyone with a computer to view materials—
including texts, images, and motion pictures—originating from virtually anywhere in the world.
The ease with which sexually explicit material could be viewed over the Internet complicated the
regulation of child pornography in many jurisdictions, in particular because of differences
between countries regarding the legal definition of childhood, the legal age of sexual consent,
and tolerance of suggestive or indecent images of children.
Various solutions were attempted, particularly in the United States, to limit access to
what were considered obscene Internet sites (e.g., by requiring that libraries deny access to
Web sites of a sexual nature). However, the courts in the United States showed little sympathy
toward such efforts. Particularly problematic was that material considered obscene by some
may be considered to have social merit by others (e.g., information about breast-cancer
prevention or sex education). Countries that had some success in reducing access to Internet
pornography (e.g., China and Saudi Arabia) adopted stringent restrictions on most Internet
access. Despite these problems, there were moves in Western countries to adopt consistent
policies toward child pornography, often along the lines of the relatively strict laws of the United
States.
ACTIVITIES:
1. Make a poster giving warning or precautions in obscene materials
[1]
Week 12 and 13: PRIVACY

SUB-TOPIC: DATA PRIVACY ACT
LEARNING OUTCOME:
1. Demonstrate understanding the data privacy act
CONTENT:
Data privacy or information privacy is a branch of data security concerned with the
proper handling of data – consent, notice, and regulatory obligations. More specifically, practical
data privacy concerns often revolve around:
1. Whether or how data is shared with third parties.
2. How data is legally collected or stored.
3. Regulatory restrictions
Importance of Data Privacy

There are two drivers for why data privacy is one of the most significant issues in our
industry.
 First, data is the most important assets a company has. With the rise of the data
economy, companies find enormous value in collecting, sharing and using data.
Companies such as Google, Facebook, and Amazon have all built empires atop the data
economy. Transparency in how businesses request consent, abide by their privacy
policies, and manage the data that they’ve collected is vital to building trust and
accountability with customers and partners who expect privacy. Many companies have
learned the importance of privacy the hard way, through highly publicized privacy fails.
 Second, privacy is the right of an individual to be free from uninvited surveillance. To
safely exist in one’s space and freely express one’s opinions behind closed doors is
critical to living in a democratic society.
Data Privacy vs. Data Security
[1]
Organizations commonly believe that keeping sensitive data secure from hackers means
they’re automatically compliant with data privacy regulations. This is not the case.
Data Security and data privacy are often used interchangeably, but there are distinct
differences:
 Data Security protects data from compromise by external attackers and malicious
insiders.
 Data Privacy governs how data is collected, shared and used.
Consider a scenario where you’ve gone to great lengths to secure personally identifiable
information (PII). The data is encrypted, access is restricted, and multiple overlapping
monitoring systems are in place. However, if that PII was collected without proper consent, you
could be violating a data privacy regulation even though the data is secure.
Republic Act No. 10173

Otherwise known as the Data Privacy Act is a law that seeks to protect all forms of
information, be it private, personal, or sensitive. It is meant to cover both natural and juridical
persons involved in the processing of personal information.
Scope of the Data Privacy Act

The Data Privacy Act applies to any natural or juridical persons involved in the
processing of personal information. It also covers those who, although not found or established
in the Philippines, use equipment located in the Philippines, or those who maintain an office,
branch, or agency in the Philippines.
Processing of Personal Information

SEC. 11. General Data Privacy Principles. – The processing of personal information
shall be allowed, subject to compliance with the requirements of this Act and other laws allowing
disclosure of information to the public and adherence to the principles of transparency,
legitimate purpose and proportionality.
Personal information must, be:

a. Collected for specified and legitimate purposes determined and declared before, or as
soon as reasonably practicable after collection, and later processed in a way compatible
with such declared, specified and legitimate purposes only;
b. Processed fairly and lawfully;
c. Accurate, relevant and, where necessary for purposes for which it is to be used the
processing of personal information, kept up to date; inaccurate or incomplete data must
be rectified, supplemented, destroyed or their further processing restricted;
d. Adequate and not excessive in relation to the purposes for which they are collected and
processed;
e. Retained only for as long as necessary for the fulfillment of the purposes for which the
data was obtained or for the establishment, exercise or defense of legal claims, or for
legitimate business purposes, or as provided by law; and
f. Kept in a form which permits identification of data subjects for no longer than is
necessary for the purposes for which the data were collected and
processed: Provided, That personal information collected for other purposes may lie
processed for historical, statistical or scientific purposes, and in cases laid down in law
may be stored for longer periods: Provided, further, That adequate safeguards are
guaranteed by said laws authorizing their processing.
The personal information controller must ensure implementation of personal information

processing principles set out herein.
SEC. 12. Criteria for Lawful Processing of Personal Information. – The processing

of personal information shall be permitted only if not otherwise prohibited by law, and when at
least one of the following conditions exists:
(a) The data subject has given his or her consent;
(b) The processing of personal information is necessary and is related to the fulfillment of a
contract with the data subject or in order to take steps at the request of the data subject
prior to entering into a contract;
[1]
(c) The processing is necessary for compliance with a legal obligation to which the personal
information controller is subject;
(d) The processing is necessary to protect vitally important interests of the data subject,
including life and health;
(e) The processing is necessary in order to respond to national emergency, to comply with
the requirements of public order and safety, or to fulfill functions of public authority which
necessarily includes the processing of personal data for the fulfillment of its mandate; or
(f) The processing is necessary for the purposes of the legitimate interests pursued by the
personal information controller or by a third party or parties to whom the data is
disclosed, except where such interests are overridden by fundamental rights and
freedoms of the data subject which require protection under the Philippine Constitution.
SEC. 13. Sensitive Personal Information and Privileged Information. – The

processing of sensitive personal information and privileged information shall be prohibited,
except in the following cases:
(a) The data subject has given his or her consent, specific to the purpose prior to the
processing, or in the case of privileged information, all parties to the exchange have
given their consent prior to processing;
(b) The processing of the same is provided for by existing laws and
regulations: Provided, that such regulatory enactments guarantee the protection of the
sensitive personal information and the privileged information: Provided, further, That the
consent of the data subjects are not required by law or regulation permitting the
processing of the sensitive personal information or the privileged information;
(c) The processing is necessary to protect the life and health of the data subject or another
person, and the data subject is not legally or physically able to express his or her
consent prior to the processing;
(d) The processing is necessary to achieve the lawful and noncommercial objectives of
public organizations and their associations: Provided, that such processing is only
confined and related to the bona fide members of these organizations or their
associations: Provided, further, That the sensitive personal information are not
transferred to third parties: Provided, finally, that consent of the data subject was
obtained prior to processing;
(e) The processing is necessary for purposes of medical treatment, is carried out by a
medical practitioner or a medical treatment institution, and an adequate level of
protection of personal information is ensured; or
(f) The processing concerns such personal information as is necessary for the protection of
lawful rights and interests of natural or legal persons in court proceedings, or the
establishment, exercise or defense of legal claims, or when provided to government or
public authority.
SEC. 14. Subcontract of Personal Information. – A personal information controller

may subcontract the processing of personal information: Provided, That the personal
information controller shall be responsible for ensuring that proper safeguards are in place to
ensure the confidentiality of the personal information processed, prevent its use for
unauthorized purposes, and generally, comply with the requirements of this Act and other laws
for processing of personal information. The personal information processor shall comply with all
the requirements of this Act and other applicable laws.
SEC. 15. Extension of Privileged Communication. – Personal information controllers

may invoke the principle of privileged communication over privileged information that they
lawfully control or process. Subject to existing laws and regulations, any evidence gathered on
privileged information is inadmissible.
Security of Personal Information

SEC. 20. Security of Personal Information.
(b) The personal information controller must implement reasonable and appropriate
organizational, physical and technical measures intended for the protection of personal
information against any accidental or unlawful destruction, alteration and disclosure, as well
as against any other unlawful processing.
(c) The personal information controller shall implement reasonable and appropriate measures
to protect personal information against natural dangers such as accidental loss or
[1]
destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful
destruction, alteration and contamination.
(d) The determination of the appropriate level of security under this section must take into
account the nature of the personal information to be protected, the risks represented by the
processing, the size of the organization and complexity of its operations, current data
privacy best practices and the cost of security implementation. Subject to guidelines as the
Commission may issue from time to time, the measures implemented must include:
(1) Safeguards to protect its computer network against accidental, unlawful or unauthorized
usage or interference with or hindering of their functioning or availability;
(2) A security policy with respect to the processing of personal information;
(3) A process for identifying and accessing reasonably foreseeable vulnerabilities in its
computer networks, and for taking preventive, corrective and mitigating action against
security incidents that can lead to a security breach; and
(4) Regular monitoring for security breaches and a process for taking preventive, corrective
and mitigating action against security incidents that can lead to a security breach.
(e) The personal information controller must further ensure that third parties processing
personal information on its behalf shall implement the security measures required by this
provision.
(f) The employees, agents or representatives of a personal information controller who are
involved in the processing of personal information shall operate and hold personal
information under strict confidentiality if the personal information are not intended for public
disclosure. This obligation shall continue even after leaving the public service, transfer to
another position or upon termination of employment or contractual relations.
(g) The personal information controller shall promptly notify the Commission and affected data
subjects when sensitive personal information or other information that may, under the
circumstances, be used to enable identity fraud are reasonably believed to have been
acquired by an unauthorized person, and the personal information controller or the
Commission believes (bat such unauthorized acquisition is likely to give rise to a real risk of
serious harm to any affected data subject. The notification shall at least describe the nature
of the breach, the sensitive personal information possibly involved, and the measures taken
by the entity to address the breach. Notification may be delayed only to the extent
necessary to determine the scope of the breach, to prevent further disclosures, or to restore
reasonable integrity to the information and communications system.
(1) In evaluating if notification is unwarranted, the Commission may take into account
compliance by the personal information controller with this section and existence of good
faith in the acquisition of personal information.
(2) The Commission may exempt a personal information controller from notification where,
in its reasonable judgment, such notification would not be in the public interest or in the
interests of the affected data subjects.
(3) The Commission may authorize postponement of notification where it may hinder the
progress of a criminal investigation related to a serious breach.
Accountability for Transfer of Personal Information

SEC. 21. Principle of Accountability. – Each personal information controller is
responsible for personal information under its control or custody, including information that have
been transferred to a third party for processing, whether domestically or internationally, subject
to cross-border arrangement and cooperation.
(a) The personal information controller is accountable for complying with the requirements of
this Act and shall use contractual or other reasonable means to provide a comparable level
of protection while the information is being processed by a third party.
(b) The personal information controller shall designate an individual or individuals who are
accountable for the organization’s compliance with this Act. The identity of the individual(s)
so designated shall be made known to any data subject upon request.
ACTIVITIES:
1. Look for articles/reading concerning in data privacy. Write a 200 words analysis how
data privacy act implemented
[1]

SUB-TOPIC: DIGITAL CITIZENSHIP
LEARNING OUTCOME:
1. Explain what is digital citizenship
2. Identify the competencies of digital citizenship
CONTENT
A digital citizen is someone who, through the development of a broad range of

competences, is able to actively, positively and responsibly engage in both on and offline
communities, whether local, national or global. As digital technologies are disruptive in nature
and constantly evolving, competence building is a lifelong Page 12 Digital citizenship education
handbook process that should begin from earliest childhood at home and at school, in formal,
informal and non-formal educational settings.
Digital citizenship and engagement involves a wide range of activities, from creating,
consuming, sharing, playing and socializing, to investigating, communicating, learning and
working. Competent digital citizens are able to respond to new and everyday challenges related
to learning, work, employability, leisure, inclusion and participation in society,3 respecting
human rights and intercultural differences.
Digital Citizenship Competencies

To place these competences into the digital environment in which young people grow up
today, and drawing on research from frequently cited experts and organizations in the field, a
set of 10 digital domains have been defined as underpinning the overall concept of digital
citizenship. These are divided into three areas, which correspond to the three sections
described as follows.
[1]
1. Being online
 Access and inclusion concerns access to the digital environment and includes a range
of competences that relate not only to overcoming different forms of digital exclusion but
also to the skills needed by future citizens to participate in digital spaces that are open to
every kind of minority and diversity of opinion.
 Learning and creativity refers to the willingness and the attitude of citizens towards
learning in digital environments over their life course, both to develop and express
different forms of creativity, with different tools, in different contexts. It covers the
development of personal and professional competences as citizens prepare for the
challenges of technology-rich societies with confidence and in innovative ways.
 Media and information literacy concerns the ability to interpret, understand and
express creativity through digital media, as critical thinkers. Being media and information
literate is something that needs to be developed through education and through a
constant exchange with the environment around us. It is essential to go beyond simply
“being able to” use one or another media, for example, or simply to “be informed” about
something. A digital citizen has to maintain an attitude relying on critical thinking as a
basis for meaningful and effective participation in his/her community.
2. Well-being online
 Ethics and empathy concerns online ethical behavior and interaction with others based
on skills such as the ability to recognize and understand the feelings and perspectives of
others. Empathy constitutes an essential requirement for positive online interaction and
for realizing the possibilities that the digital world affords.
 Health and well-being relates to the fact that digital citizens inhabit both virtual and real
spaces. For this reason, the basic skills of digital competence alone are not sufficient.
Individuals also require a set of attitudes, skills, values and knowledge that render them
more aware of issues related to health and well-being. In a digitally rich world, health
and well-being imply being aware of challenges and opportunities that can affect
wellness, including but not limited to online addiction, ergonomics and posture, and
excessive use of digital and mobile devices.
 e-Presence and communications refers to the development of the personal and
interpersonal qualities that support digital citizens in building and maintaining an online
presence and identity as well as online interactions that are positive, coherent and
consistent. It covers competences such as online communication and interaction with
others in virtual social spaces, as well as the management of one’s data and traces.
3. Rights online
 Active participation relates to the competences that citizens need to be fully aware of
when they interact within the digital environments they inhabit in order to make
responsible decisions, while participating actively and positively in the democratic
cultures in which they live.
 Rights and responsibilities are something citizens enjoy in the physical world, and
digital citizens in the online world also have certain rights and responsibilities. Digital
citizens can enjoy rights of privacy, security, access and inclusion, freedom of
expression and more. However, with those rights come certain responsibilities, such as
ethics and empathy and other responsibilities to ensure a safe and responsible digital
environment for all.
 Privacy and security includes two different concepts: privacy concerns mainly the
personal protection of one’s own and others’ online information, while security is related
more to one’s own awareness of online actions and behavior. It covers competences
such as information management and online safety issues (including the use of
navigation filters, passwords, anti-virus and firewall software) to deal with and avoid
dangerous or unpleasant situations.
 Consumer awareness relates to the fact that the World Wide Web, with its broad
dimensions, such as social media and other virtual social spaces, is an environment
where often the fact of being a digital citizen also means being a consumer.
Understanding the implications of the commercial reality of online spaces is one of the
competences that individuals will have to deal with in order to maintain their autonomy
as digital citizens.
Stakeholders and implication for policy and practice in digital citizenship
[1]
1. Students
 educate and protect themselves
 organize genuine participation
 develop empowerment in terms of competences
2. Parents
 get involved in internet and citizenship debate
 help children balance the social and interpersonal implication of using online technology
 regularly communicate with their children and schools in order to help develop the skills
of involved and informed digital citizens
3. Teachers
 increase their knowledge and teaching practices in parallel to the interactive tools used
by their students
 equip teachers with the competences required for implementing and assessing CDC
 rethink the role of teachers in the digital era
4. School management
 considers all options of best practices with regards to internet policy
 includes parents, teachers, students, administrators and school board members as part
of the decision-making process for safe, legal and ethical use of digital information an
5. Academia
 produces resources and research in pedagogy and didactics in the field of digital
citizenship
 locally develops resources, where possible, in order to ensure the most engagement and
implication
6. Local educating communities

 develop formal, non-formal and informal education systems to shape children’s digital
literacy practices
 consider the emergence of so called “civic tech”, which uses technology to address
various aspects of digital citizenship
7. Regulatory authorities
 determine that children’s rights are respected within their competences
 actively encourage education authorities to educate citizens in the digital area
ACTIVITIES
1. Write a persuasive speech to influence people to become digital citizenship. Video

yourself delivering the speech and upload in any social media account.
[1]

SUB-TOPIC: DATA ENCRYPTION
LEARNING OUTCOME:
1. Discuss the data encryption
2. Apply the data encryption in computer programming.
CONTENT
Encryption refers to the coding of information in order to keep it secret. Encryption is

accomplished by transforming the string of characters comprising the information to produce a
new string that is a coded form of the information. This is called a cryptogram or cipher text and
may be safely stored or transmitted. At a later time, it can be deciphered by reversing the
encrypting process to recover the original information, which is called plaintext.
Data encryption has been used to send secret military and political messages from the
days of Julius Caesar to the present. Recent applications include the Washington-Moscow
hotline, electronic funds transfer, electronic mail, database security, and many other situations
in which the transmission of secret data is crucial. Less profound applications have included
Captain Midnight secret decoder rings that could be obtained in the 1950s for twenty-five cents
and two Ovaltine labels, puzzles appearing in the daily newspaper, and a number of other
frivolous applications. In this section we describe some encryption schemes ranging from the
Caesar cipher scheme of the first century B.C. to the Data Encryption Standard and the public
key encryption schemes of the 20th century.
Data Encryption Standard
[1]
The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of

digital data. Although its short key length of 56 bits makes it too insecure for applications, it has
been highly influential in the advancement of cryptography.
Developed in the early 1970s at IBM and based on an earlier design by Horst Feistel,
the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's
invitation to propose a candidate for the protection of sensitive, unclassified electronic
government data. In 1976, after consultation with the National Security Agency (NSA), the NBS
selected a slightly modified version (strengthened against differential cryptanalysis, but
weakened against brute-force attacks), which was published as an official Federal Information
Processing Standard (FIPS) for the United States in 1977.
The publication of an NSA-approved encryption standard led to its quick international
adoption and widespread academic scrutiny. Controversies arose from classified design
elements, a relatively short key length of the symmetric-key block cipher design, and the
involvement of the NSA, raising suspicions about a backdoor. The S-boxes that had prompted
those suspicions were designed by the NSA to remove a backdoor they secretly knew
(differential cryptanalysis). However, the NSA also ensured that the key size was drastically
reduced so that they could break the cipher by brute force attack. The intense academic
scrutiny the algorithm received over time led to the modern understanding of block ciphers and
their cryptanalysis.
DES is insecure due to the relatively short 56-bit key size. In January 1999, distributed.net and
the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15
minutes. There are also some analytical results which demonstrate theoretical weaknesses in
the cipher, although they are infeasible in practice. The algorithm is believed to be practically
secure in the form of Triple DES, although there are theoretical attacks. This cipher has been
superseded by the Advanced Encryption Standard (AES). DES has been withdrawn as a
standard by the National Institute of Standards and Technology.
Some documents distinguish between the DES standard and its algorithm, referring to
the algorithm as the DEA (Data Encryption Algorithm).
ACTIVITIES:
1. Create a diagram to discuss the process of data encryption
Week 18 and 19: CYBER PROTECTION

SUB-TOPIC: CYBERSECURITY
LEARNING OUTCOME:
1. Describe the social and ethical issues in Technology
CONTENT
Cyber security is the practice of defending computers, servers, mobile devices,

electronic systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of contexts,
from business to mobile computing, and can be divided into a few common categories.
 Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware.
 Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data its designed to protect.
Successful security begins in the design stage, well before a program or device is deployed.
 Information security protects the integrity and privacy of data, both in storage and in
transit.
 Operational security includes the processes and decisions for handling and protecting data
assets. The permissions users have when accessing a network and the procedures that
determine how and where data may be stored or shared all fall under this umbrella.
[1]
 Disaster recovery and business continuity define how an organization responds to a

cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business continuity
is the plan the organization falls back on while trying to operate without certain resources.
 End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow
good security practices. Teaching users to delete suspicious email attachments, not plug in
unidentified USB drives, and various other important lessons is vital for the security of any
organization.
TYPES OF CYBER THREATS

The threats countered by cyber-security are three-fold:
1. Cybercrime includes single actors or groups targeting systems for financial gain or to
cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.
COMMON METHODS USED TO THREATEN CYBER-SECURITY:
1. Malware
Malware means malicious software. One of the most common cyber threats,
malware is software that a cybercriminal or hacker has created to disrupt or damage a
legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-
looking download, malware may be used by cybercriminals to make money or in politically
motivated cyber-attacks.
There are a number of different types of malware, including:
 Virus: A self-replicating program that attaches itself to clean file and spreads throughout
a computer system, infecting files with malicious code.
 Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick
users into uploading Trojans onto their computer where they cause damage or collect
data.
 Spyware: A program that secretly records what a user does, so that cybercriminals can
make use of this information. For example, spyware could capture credit card details.
 Ransomware: Malware which locks down a user’s files and data, with the threat of
erasing it unless a ransom is paid.
 Adware: Advertising software which can be used to spread malware.
 Botnets: Networks of malware infected computers which cybercriminals use to perform
tasks online without the user’s permission.
2. SQL injection
An SQL (structured language query) injection is a type of cyber-attack used to take
control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-
driven applications to insert malicious code into a databased via a malicious SQL statement.
This gives them access to the sensitive information contained in the database.
3. Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a
legitimate company asking for sensitive information. Phishing attacks are often used to dupe
people into handing over credit card data and other personal information.
4. Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts
communication between two individuals in order to steal data. For example, on an unsecure
WiFi network, an attacker could intercept data being passed from the victim’s device and the
network.
5. Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system from
fulfilling legitimate requests by overwhelming the networks and servers with traffic. This
renders the system unusable, preventing an organization from carrying out vital functions.
[1]
ACTIVITIES:
1. Create a blog related to Cybersecurity
Week 20 and 21: CYBER PROTECTION

SUB-TOPIC: CYBERHACKING
LEARNING OUTCOME:
1. Identify the different kinds of hacking
2. Apply protection on your online presence
CONTENT:
Hacking is identifying weakness in computer systems or networks to exploit its

weaknesses to gain access.
A Hacker is a person who finds and exploits the weakness in computer systems and/or
networks to gain access. Hackers are usually skilled computer programmers with knowledge of
computer security.
Hackers are classified according to the intent of their actions. The following list classifies
hackers according to their intent.
1. Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the
identified weaknesses. They may also perform penetration Testing and vulnerability
assessments.
[1]
2. Cracker (Black hat): A hacker who gains unauthorized access to computer systems for
personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer
funds from bank accounts etc.
3. Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into
computer systems without authority with a view to identify weaknesses and reveal them to
the system owner.
4. Script kiddies: A non-skilled person who gains access to computer systems using already
made tools.
5. Hacktivist: A hacker who use hacking to send social, religious, and political, etc.
messages. This is usually done by hijacking websites and leaving the message on the
hijacked website.
6. Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of
computers.
Cyber Threats
The following are the most recent cyber threats that have been reported on:
1. Dridex malware
 In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an
organized cyber-criminal group for their part in a global Dridex malware attack. This
malicious campaign affected the public, government, infrastructure and business
worldwide.
 Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it
infects computers though phishing emails or existing malware. Capable of stealing
passwords, banking details and personal data which can be used in fraudulent
transactions, it has caused massive financial losses amounting to hundreds of millions.
 In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the
public to “ensure devices are patched, anti-virus is turned on and up to date and files are
backed up”.
2. Romance scams
 In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that
cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take
advantage of people seeking new partners, duping victims into giving away personal
data.
 The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019,
with financial losses amounting to $1.6 million.
3. Emotet malware
 In late 2019, The Australian Cyber Security Centre warned national organizations about
a widespread global cyber threat from Emotet malware.
 Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet
thrives on unsophisticated password: a reminder of the importance of creating a secure
password to guard against cyber threats.
CYBER SAFETY TIPS - PROTECT YOURSELF AGAINST CYBERATTACKS

1. Update your software and operating system: This means you benefit from the latest
security patches.
2. Use anti-virus software: Security solutions will detect and removes threats. Keep your
software updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected with
malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites: This is a
common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places: Unsecure networks leave you
vulnerable to man-in-the-middle attacks.
Ethical Hacking
 Information is one of the most valuable assets of an organization. Keeping information
secure can protect an organization’s image and save an organization a lot of money.
[1]
 Hacking can lead to loss of business for organizations that deal in finance such as
PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would
otherwise lead to loss of business.
Legality of Ethical Hacking

 Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section
on the definition of ethical hacking.
 The International Council of E-Commerce Consultants (EC-Council) provides a
certification program that tests individual’s skills. Those who pass the examination are
awarded with certificates. The certificates are supposed to be renewed after some time.
ACTIVITIES:
1. Create a blog related to Cyber hacking
REFERENCES:
 https://www.acm.org/code-of-ethics
 https://iep.utm.edu/ethics/
 http://www.philocomp.net/home/ethics.htm
 https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security
 http://www.itu.int/ITU-D/cyb/cybersecurity/docs/Cybercrime%20legislation%20EV6.pdf
[1]

Kaway-Aralan (Flexible Learning Delivery) : School of Information and Knowledge Management

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Kaway-Aralan (Flexible Learning Delivery) : School of Information and Knowledge Management

Uploaded by

Copyright:

Available Formats

SCHOOL OF INFORMATION AND KNOWLEDGE Introduction to ICT Education:

MANAGEMENT ICT Professional Code of Ethics

COURSE CODE COURSE TITLE NAME OF FACULTY

PNU Flexible Learning Delivery: KAWAY-ARALAN sa BAGONG KADAWYAN

Kaway-Aralan (Flexible Learning Delivery)

THIS TOOL KIT IS FOR PNU USE ONLY

FLEXIBLE COURSE PLAN

PNU shall become internationally recognized and nationally responsive

This course is designed to help students understand the range of impacts

Innovative and critical in handling technology and applying it to enhance learning

Identify the What are the Discussion Cite an Presentation

Describe the What are the Scavenger

Discuss the What is the

How to apply data

Apply Protection Cybersecurity Discussion Create a blog Rubric for

Performance Course Performance Indicator Evidence of Performance Performance

Week 1: CODE OF ETHICS

Categories of Intellectual property

b. Internet etiquette or “netiquette”

Here are some of the rules of netiquette:

Issues in Code of Ethics

The Ten Commandments in ICT Code of Ethics

1. Do not use a computer in ways that may harm other people

2. Do not use computer technology to cause interference in other users' work.

3. Do not spy on another person's computer data.

4. Do not use computer technology to steal information.

5. Do not contribute to the spread of misinformation using computer technology.

7. Do not use someone else's computer resources unless authorized to.

8. It is wrong to claim ownership on a work which is the output of someone else's

Week 2 and 3: CODE OF ETHICS

Ethical Issues for Safety and Security

Week 4 and 5: COMPUTER CRIMES

16 Cybercrimes covered under Cybercrime Prevention Act – Republic Act 10175

Cybercrime New Authorities

How to protect yourself against cybercrime

Week 6 and 7: CODE OF ETHICS

Professional responsibility is the area of legal practice that encompasses the duties

PROFESSIONAL RESPONSIBILITY USING COMPUTER

2. Maintain high standards of professional competence, conduct, and ethical practice.

3. Know and respect existing rules pertaining to professional work.

belongs. Computing professionals must abide by these rules unless there is a

4. Accept and provide appropriate professional review.

5. Give comprehensive and thorough evaluations of computer systems and their

6. Perform work only in areas of competence.

7. Foster public awareness and understanding of computing, related technologies, and

8. Access computing and communication resources only when authorized or when

 Breaches of computer security cause harm. Robust security should be a primary

Week 8 and 9: CODE OF ETHICS

Metaethical positions respond to such questions by examining the semantics of moral

Three areas of Meta-ethics

2. Moral psychology refers to metaethical examination of how people make moral

The Major Metaphysical Positions and their Resultant Ethics

1. Make an Infographics illustrating Computer Ethic

Week 10 and 11: OBSCENE MATERIALS

Obscenity refers to a narrow category of pornography that violates contemporary

Sometimes, material is classified as “harmful to minors” (or obscene as to minors), even

Obscenity in the Internet Age

1. Make a poster giving warning or precautions in obscene materials

Week 12 and 13: PRIVACY

Importance of Data Privacy

Data Privacy vs. Data Security

Republic Act No. 10173

Scope of the Data Privacy Act