Professional Documents
Culture Documents
Cyber Security Preparedness An Assessment
Cyber Security Preparedness An Assessment
2023
HOLY ANGEL UNIVERSITY
APPROVAL SHEET
Mendoza and Stephen Redge M. Pangilinan In partial fulfilment for the degree Bachelor
of Science in Criminology has been examined for acceptance and oral examination.
Thesis Adviser
ORAL EXAMINATION
Chairman, Panel
Member Member
APPROVAL
Accepted and approved in partial fulfilment of the requirements for the degree
and applications are vulnerable to attacks from attackers who can use malicious
barrier. This gives hackers and cybercriminals access to control the system,
access the data, and steal their valuable assets. In Kaspersky's global ranking,
the Philippines is now rated fourth overall, behind Belarus, Algeria, and
moving up two points. This basically means that Filipinos who were largely
confined to their houses during the second year of the outbreak were exposed to
additional hazards of the Internet more often. Web risks include attacks that use
individuals are in this day and age, when technology is a common tool used by
sphere, this output will be most helpful to the community since it will increase
their knowledge of and interest in protecting their data online. As they plan their
cyber security to safeguard themselves in the cyber world, this study may also
Technology program on their preparedness for cyber security. For the purpose of
conducting an online survey form using Google Forms, the researcher utilized
Approval Sheet
Abstract …………………………………………………………………………………. ii
Acknowledgement ………………………………………………………………………iii
Dedication ……………………………………………………………………………… iv
Table of Contents ………………………………………………………………………...v
Literature Review………………………………………………………………. 4
Chapter 2 – Methodology……………………………………………………………...19
Research Design..…….………………………….................................................19
Research Instrument……………………………………………………………..21
Data Collection……………………………………………………......................22
Conclusions……………………………………………………………………..34
Recommendation………………………………………………………………..36
viii
Appendices……………………..………………………….…………………………... 43
List of Tables
Table 2. …………………………………….
Table 3. …….…………………………………………..
Table 4. …………………………………………………………………………………..
Cyber Security Preparedness: An Assessment 1
INTRODUCTION
The world we live in is very advanced in technology and the nature of the
internet, and web applications are an example of a critical component of any online-based
attackers can launch malicious malware to attack their victims by breaching the security
barrier of the organization, allowing hackers and cybercriminals to manage the system
and gain access to the data and steal their valuable assets.
Any illegal activity that is carried out using a computer system or any situation in
cybercrime. Cyberattacks have an effect on millions upon millions of people who use the
internet. Cyberattacks serve as a wake-up call about the scope of cybercrime and how
exposed everyone is, despite the fact that the damage is relatively minor in comparison to
the amount of Internet traffic. Cybercrime is an umbrella term that can refer to any
illegal activity that takes place on the internet, in a private or public network, or on a
computer system that is located within an organization. The unfortunate truth is that these
crimes are now more prevalent on a global scale as a result of the rise of orchestrated
cyberattacks, which pose a threat not only to private citizens and companies but also to
governments all over the world. Recent advancements in the malicious online behavior of
certain individuals.
The Philippines, along with other developing nations in South East Asia and other
parts of the world, continues to struggle with the challenge of effectively combating the
Cyber Security Preparedness: An Assessment 2
issue of unlawful cyber activity and cybercrime victimization. This is a challenge that is
shared by other developing nations around the world. It is anticipated that technology will
be utilized more frequently as it expands and spreads across the various industries and
businesses of the country despite the absence of preventative measures and, in some
instances, a lack of awareness of the risks associated with the inappropriate use of this
and ongoing efforts to improve political stability and national security provide ideal
conditions for the growth of a variety of illegal online operations. These conditions are
made possible by the ongoing efforts to improve political stability and national security.
The healthcare sector in the Philippines is one of the most exposed to cyberattacks
industries in Indonesia, Thailand, and the Philippines as well as the healthcare sector in
the Philippines. Threat actors can avoid authentication with ProxyLogon and remotely
run programs as privileged users. This implies that hostile individuals can access a
victim's server from any place with internet access. The Philippines is also the most hit
authentication and run code as a privileged user. In Malaysia and Pakistan, it is also
typical. Attacks using ProxyLogon and ProxyShell provide online criminals the freedom
the government and business sectors are most at risk from ProxyLogon and ProxyShell.
Cyber Security Preparedness: An Assessment 3
Attackers "plan to attack, exchange data, and get money on the Darknet," it continued,
adding that malware was concealed in these organizations' infrastructure and that data
about their users was being sold on Darknet forums. Keeping public-facing systems
updated is the best way to combat these threats. Additionally, businesses should avoid
using the internet to directly access their exchange servers. (Kaspersky, 2022)
time, in conjunction with the country's ongoing efforts to strengthen political stability and
national security, create the ideal conditions for an increase in a variety of different types
of illegal cyber activities. The anonymity of the Internet, the legal and jurisdictional
issues associated with technology-facilitated crimes, the vast pool of potential victims
and recruits, and the allure of easy money are all factors that contribute to the
criminal groups that are active within the nation puts the country's ability to maintain its
Pennsylvania National Police, 2013). In addition, during the month of June 2021 in the
Philippines, 98.41 thousand cyber-attacks were reported, which represents a sizeable drop
when compared to the same month during the previous year. The number of cyberattacks
carried out in the nation during the first three months of the year increased at an
The Philippines is ranked 4th among most targeted by web threats Philippines is
now ranked fourth overall, behind Belarus, Algeria, and Kazakhstan, in Kaspersky's
Cyber Security Preparedness: An Assessment 4
worldwide rating, up two spots. In a nutshell, this indicates that Filipinos who have been
mostly confined to their homes during the second year of the epidemic have had
web dangers. Drive-by downloads and social engineering are common tactics used by
infected website, a drive-by download infection, which is utilized in most assaults, takes
place. Cybercriminals deploy file-less malware in such assaults, which is the riskiest
and defend against. On the other side, social engineering assaults include getting a
malicious file onto a computer through an Internet user. This occurs when online
predators deceive the victim into thinking she is downloading reliable software.
The researchers wants to study this topic for the purpose of determine students
Expertise regarding the cyber security preparedness and how knowledgeable people are
today's time in which everyone is using technologies as technology are one of the
Literature Review
Cyber Security
protect essential data from attackers and prevent attackers from stealing and destroying
most organizations in the previous years have improved their perspective toward
computer security. They hired a group to scan for vulnerabilities and follow
Cyber Security Preparedness: An Assessment 5
networks. Employees are also educated on dangerous practices that can breach the
organization's security. Most businesses are now more ready than ever to defend against
cyberattacks. But despite all of the work and money, computer security is still an issue
that needs to be resolved. Even if organizations become better at preparing and defending
themselves, attackers also improve simultaneously. Computer network attacks now have
more economic potential than ever before. Because of this, it attracts more criminal
groups, which motivates them to look for ways to bypass companies’ defenses. (Ponemon
Institute, 2014).
During COVID-19, cyber security was harder for organizations; the pandemic has
significantly altered how things are done at work. This includes working from home,
participating in video conferences, switching from paper to digital record keeping and
filing, and, in some situations, using social media more frequently. According to Johns
(2021), organizations have become less aware of the breaches they faced during the
pandemic. The percentage of organizations conducting user and security monitoring also
the established policies and procedures. Upgrading systems, software, and hardware
become challenging. There are more endpoints for organizations to monitor as a result of
employees working from home. In this environment, fewer corporations and nonprofit
measures that are designed to create an environment that is conducive to the growth of its
people in the field of information and communications technology (ICT). Due to the fact
that 37 percent of the population uses the internet and more than 102 million Filipinos
had mobile cellular subscriptions as of 2014, the Philippines cannot afford to dismiss the
dangers posed by cyberattacks. In 2012, the Philippines passed Republic Act 10175,
which is more commonly referred to as the Cybercrime Prevention Act. This law was
enacted with the goal of preventing crimes committed online as well as protecting
computers, other communication systems, and networks from being exploited, abused, or
illegally accessed. In spite of the fact that Republic Act 10175 and other pertinent laws
are currently in effect, the Philippines still ranked sixth worldwide in Symantec's Internet
Threat Report regarding the sources of web attacks in the year 2016. This places the
nation in a more advanced position than it did in 2014, when it was ranked seventh.
(Parcon, 2017).
information of certain industry from outsider and any malicious person who has intent to
breach the security system. Cyber threat is mounting pressure on any industry as
need more people strength in numbers is important as more people are working on it to
combat the cyber-attacks of criminals. And one of the main reasons that they are seeing is
Cyber Security Preparedness: An Assessment 7
that most of the people who purchase things online is using the same email and
passwords from both work-based system and online shopping. When hacking happens,
they can easily breach the information of the account that they have been hacked into and
gather their information the rising attack of cyber-attack is rampant due to the fact that
these criminals are hard to locate and hide on their computers and gadgets and they are
Academic institutions need information security because most users are unaware
of cybersecurity or how to protect their devices from malware, viruses, and scams.
demonstrates that senior executives and managers should strongly promote a student
plan.Regular comprehensive security awareness and training sessions are necessary for
vulnerabilities.
thorough and widespread security curriculum into their courses. Without this, students
with advanced technical skills but lacking security awareness could pose a potential
danger and disadvantage. Otherwise, systems created by graduates would likely have
Cyber Attacks
a computer system with the aim of stealing, destroying, controlling, or deleting critical
data. In the third millennium, cyberspace and related technology are significant sources
of power. Governments no longer hold exclusive power and other actors, including
private enterprises, organized terrorist and criminal groups, and individuals, have become
involved in the distribution of power. Private entities have been known to organize
criminal and terrorist factions, with individuals being among these supplementary
The top priority is security. The current threat to national security pertains to the potential
decline in citizens' quality of life, rather than military or territorial concerns. Cyber
infrastructure and sensitive networks, making them unpredictable, complex, and highly
necessary to combat these issues, as governments alone are insufficient. The private
sector shares common interests in addressing these concerns. Conventional methods, such
as military and police power, are insufficient for containing these hazards. Cyber threats
preceding point. Several international relations theories that focus solely on the
Cyber Security Preparedness: An Assessment 9
The unfortunate reality is that the vast majority of home users, as well as a
significant number of users, are unaware of the dangers that they put themselves in
whenever they connect to the internet, read their email, or download a "free" application.
Some people learn about cybercrime after it is too late for them because they have
already fallen prey to one form or another of internet fraud before they find out about it.
Students have a great opportunity to be educated about cyber threats during the school
day, whereas older generations can only be reached through the media (primarily
capabilities. industries are one of the targets of criminals to stole information and gain
access to important items can access on the industries information. One of the main
problems in combatting this type of incident is the failure to detect malicious activities.
technology and target to have access to the critical system process using various
techniques to have full access over the network layers and to disrupt physical field
devices, with this technique perpetrators bypass the security of an industry and evade
Proactive Countermeasures
Cyber Security Preparedness: An Assessment 10
before they happen. Only a decade ago, corporate executives' reluctance to support cyber
defenses and legal uncertainty looked to be the two main obstacles to proactive
cybersecurity. Proactive cybersecurity programs have gained appeal in recent years due
to polycentric cybersecurity assemblages, the Internet, and APTs that target private
organizations. These initiatives oppose "hack back" measures and support sophisticated
threat intelligence sharing and active methods like honeypots, allowing security
organizations to anticipate hostile access attempts rather than defend against known but
easily re-faced bad traffic. Using this strategy, businesses have the chance to develop
broad, However, the viability of such partnerships and the way private sector security
and how intelligence is shared. As was evident in 2014 with the creation of the U.S.,
private sector sharing might further reinforce the United States model of private sector
led Internet governance while preventing nationalistic coalitions that might irritate and
embolden states that desire a more major role for national governments in Internet
guidelines for the preservation of critical infrastructure. After that, we might only achieve
Reactive Countermeasures
Cyber Security Preparedness: An Assessment 11
threat.
the cyberattack would be a clear sign of the reactive strategy. For instance, one of the
protection solutions against the NotPetya malware provided by security integrators is the
isolation of hazardous applications like the M.E.Doc software that has been infiltrated
and was the main cause of the outbreak. We acknowledge the shortcomings of the
M.E.Doc update model and the risks associated with such supply chain techniques, but
You would not be prepared for the new issues if you solely concentrate on
the previous errors. Most likely, future cyberattacks will not be able to use old loopholes.
Temporary one-off solutions, such as the application of security hardware and software
targeted at the issue, have a fragmented and/or short-term impact and can only
haphazardly address security issues. A reactionary plan is never effective. While patching
factor, which is the key contributor to a variety of cybersecurity concerns that result in
hacker intrusions and data breaches. Therefore, a security integrator's reactive approach
may simply be motivated by financial gain. The reactive strategy is no longer the best
The best cybersecurity practices suggest that, in addition to one-off measures and
closing significant security gaps, continuous support of security procedures and risk
assessment are necessary for achieving the highest level of security. The adoption of
management, data backup, event monitoring, and many other facets of a company's
operations are all covered by the complicated, methodical process known as security
Recovery Phase
Recovery phase, is the phase after an attack happened, it is the stage of recovering
from the attack and returning to normal functions. The gadgets and industrial control
systems (ICS) that manage production settings 14 are vital to the economy of our country.
ICS is used by manufacturers to monitor and manage the physical processes that result in
the production of commodities for the general public. The safety and output of the
industrial industry are seriously threatened by the rising number of cyberattacks on these
identical systems. The recovery plan is conducted after a cyber security event, this task
includes, tightening the perimeter security such as firewall rulesets and boundary router
access control lists, next is to reconnect to network the rebuilt systems, next is testing the
systems carefully including security controls, next is restoring the systems into their
normal operations and affirming if they are functioning normally and lastly monitoring
The result of this study will help students and the community to gain the
appropriate information necessary for them to be aware about the preparedness in cyber
security. The researchers believe that the findings will help people in the awareness of the
because most students are know in the technological stage and are in the world wide web
platforms. This will help them gain insights and information in securing their private data
reason that due to the assessment of students with expertise in the cyber field, they will be
more knowledgable and engaged in safeguarding their data in the cyber space. This study
can also offer them new understanding and different countermeasures on how to prepare
students in Cyber Security Preparedness. Specifically, this study seeks answer to the
following questions:
1. How may the respondents assess the Cyber Security Preparedness for
2. 1 proactive Countermeasure
2. 2 reactive Countermeasure
Theoretical Framework
The study is based on Ernst von Glasersfeld (2002) Cybernetics and the Theory
all types of scientific inquiry, encourage multidisciplinary collaboration, and promote the
and communicative practices. The author makes a distinction between the traditional
description of social systems and approaches that seek to comprehend social events as the
Cyber Security Preparedness: An Assessment 15
between biological and technological items, as well as, between social and non-social
unconscious elements that theorists up to this point have not taken into consideration. He
highlights the importance of the individual and their cognitive capabilities while
highlighting some of the barriers to discussing difficult issues (also on the Internet). The
author makes a number of inferences, one of which is the statement that "the goal of
Homo sapiens is not the degree of its intelligence or its nonetheless, excellence in and of
itself.
Long before cybernetics offered cognitive self-organization, the concept that the
experiencing subject organizes its experience in accordance with its own methods of
perceiving, thinking, and feeling was latent in the writings of numerous authors.
However, it remained a tangential notion and never gave rise to an epiphany that shaped
universal philosophical perspectives. modern philosophers like Richard Rorty and Nelson
consistent with epistemological viewpoints, which do not draw on the similarities to this
other modern field of study and instead rely on arguments from within their own
psychiatry, and, most crucially, education have all begun to take note of the cybernetic
theory of knowing. The comparisons that are made here are only a sample.
employed as the conceptual framework to achieve the main goal of the current study. As
the figure represents, the input category specifies the countermeasures in Cyber Security
Preparedness for cyber attack, these countermeasures act as a threshold that criminals
need to overcome in order to face a new line of defense. The process category, the
analyzed according to the statistical result of the data gathered and will then be assessed
by the establishments accordingly to the result of the data collected. Lastly, the final
category which is the output will describe the level of expertise for Cyber Security
Preparedness, where specific suggestions stemming from the study's findings were given.
Cyber Security Preparedness: An Assessment 17
Countermeasure
Research Design
Cyber Security Preparedness: An Assessment 18
applied because it enables the researchers to get the reality rather than the abstract about
the purpose of the dissertation (Bryman and Bell, 2007). In most cases, quantitative
research methods are used because they are scientific methods and they produce results
more quickly. (Fellows and Liu, 2008). Descriptive methods aim to express a situation,
1 h which are what, when, where, and how questions, but it cannot use why questions
(McCombes, 2022). This approach was selected given that the purpose of this research
was distinguished and assess the preparedness in Cyber Security. The researcher used
quota sampling which is a non-probability sampling method for the researcher that will
be conducting online survey form through Google Forms. Collecting data analysis using
from other disciplines. In fact, diversity should be promoted and exploited in cross-
other courses with an interest in cyber-security can all contribute to making our digital
society a safer place. However, the researcher asserts that information technology
distinguishing it from other fields. To be specific, the study focuses on the asessment of
4th year graduating students under the course Bachelor of Science in Information
Cyber Security Preparedness: An Assessment 19
serves as the criteria for identifying the samples of the study: (1) Bachelor of Science in
Information Technology Students in Holy Angel University, (2) 4th year graduating
students under the course Bachelor of Science in Information Technology in Holy Angel
University, and 198 no. of 4th yr IT Students. Due to the above mentioned requirement
for identifying the samples, the study only included 50 out of 198 4th yr Bachelor of
The questions that are needed to be answered by the students are the proactive,
and reactive countermeasures and the recovery phase. Researchers create a convenience
researchers chose these particular people to study based on a variety of characteristics and
qualities they possessed. In order to ensure that the samples collected for market research
are useful for data collection, they establish quotas. These samples are a good reflection
of the entire population. When selecting the final group, the only information that will be
Research Instrument
The researchers used a survey questionnaire to gather data for this study.The
survey was conducted online through google form. The survey contains two parts, the
first part asking for permission from the respondents and informs the respondents about
the confidentiality of the questionnaire through the consent form and lastly, the second
part consists of questions in which the participants provided answers to the survey.
Cyber Security Preparedness: An Assessment 20
Mostly, the questions in the questionnaire are about Cyber Security Preparedness for
cyber-attacks which are divided into three phases: proactive countermeasures, reactive
countermeasures, and recovery phase. A 4-point Likert Scale was used to address the
The initial draft of the instrument; the survey questionnaire will be reviewed by
the Research Adviser. Following a series of validation, the survey questionnaire will be
In the process of data gathering, the researchers give the link to the google forms
that contain the rights of the respondents and their privacy, and the purpose of the study.
After the respondents read and agreed on the consent form, the last part of the survey
contain questions regarding the Cyber Security Preparedness for cyber-attacks, which are
recovery phase. After the survey forms were all answered, the researchers analyzed and
The researcher analyzed the data and information that were collected during the
interview that will be conducted where queries will be given to the respondents. The
researcher used a 4-point Likert Scale to address the measurement of the level of
Cyber Security Preparedness: An Assessment 21
characteristics of a data set (Hayes 2022). The data gathered from the questionnaires is
converted into percentages. In computing the frequency percentage, the frequency will be
divided by the entirety of the outcome and multiplied by 100. The formulas are shown
below:
Formula:
P = (f/n) * 100
Whereas,
Formula:
x̄ = Σx / n
Whereas,
x̄ = mean
In Interpreting the data, the Likert scale was used in addressing the measurement
of the respondents.
Strongly
1 1.00-0.99
Disagree
Ethical Consideration
The researchers in ensuring the research ethics will be observed, the participants
will not be subjected to harm in any way, and the researchers will ensure confidentiality
and privacy of data following the data privacy act of 2012 or the Republic Act. No.
Confidentiality will also represent the agreement made by the researcher and Participants
through the consent, and that any information will not be disclosed to anyone. (Holland,
Linvill, 2019). The voluntary participation of respondents will be prioritized. Prior to the
survey, researchers will explain thoroughly the purpose of the study and that the survey is
only for the data gathering process will be kept confidential, Lastly, the participants can
withdraw at any stage of the study.Lastly, the participants can withdraw at any stage of
the study.
Cyber Security Preparedness: An Assessment 23
RESULTS
The findings of the survey conducted using survey questionnaires are assessed in
this constituent of the study. The examination of each result supported the researcher’s
necessary findings in identifying the Cyber Security Preparedness. This section includes
the Information Technology Students’ total weighted mean, the JAMOVI tool was used
PROACTIVE
Verbal
Indicators N Mean SD Variance
Description
Agree
obtained an overall weighted mean of 3.50 which was verbally described as “Strongly
Agree”. There are two highest means in this countermeasure with a mean of 3.58 namely,
“Employee training and awareness programs to educate staff on how to recognize and
avoid potential cyber threats” and “Regular updates of software and system to minimize
the risk of a successful attack” which are verbally described as Strongly Agree. While the
lowest mean of 3.34 namely “Regular security audits and risk assessments to identify
potential threats and vulnerabilities” which was verbally described as Strongly Agree.
Cyber Security Preparedness: An Assessment 26
REACTIVE
Verbal
Indicators N Mean SD Variance
Description
Agree
obtained an overall weighted mean of 3.54 which was verbally described as “Strongly
Agree”. The highest mean in this countermeasure is with a mean of 3.60 namely,
experts, to respond to and resolve a cyber attack” which is verbally described as Strongly
Agree. While the lowest mean of 3.48 namely “Regular testing and simulation of the
city’s incident response plan to ensure its readiness in the event of a real attack” which
RECOVERY
Verbal
Indicators N Mean SD Variance
Description
Establishment of a cyber
incident response plan to Strongly
50 3.44
guide the city’s actions in the Agree
event of a cyber-attack
Regular backup and disaster
recovery procedures to ensure
Strongly
the city can quickly restore 50 3.56
Agree
normal operations following a
successful attack
Implementation of measures
to prevent the spread of Strongly
50 3.52
malicious software or Agree
information
Establishing a communication
plan to inform relevant
stakeholders, such as
Strongly
employees, customers, and the 50 3.54
Agree
public, of the extent of the
damage and the steps taken to
prevent future attacks
Strongly
Total Weighted Mean
3.52 Agree
obtained an overall weighted mean of 3.52 which was verbally described as “Strongly
Agree”. The highest mean in this countermeasure is with a mean of 3.56 namely,
“Regular backup and disaster recovery procedures to ensure the city can quickly restore
Agree. While the lowest mean of 3.44 namely “Establishment of a cyber incident
response plan to guide the city’s actions in the event of a cyber-attack” which was
DISCUSSION
The results indicate that the indicators in Cyber Security preparedness as assessed
by the level of expertise of the Information Technology students are all aligned with their
description of Strongly Agree, and that all are important for Cyber Security Preparedness.
to educate staff on how to recognize and avoid potential cyber threats” received the
strongly agree that having awareness in Cyber Security is very important, especially in
the Proactive phase. It will be too late to educate staff and employees about cyber
organization's digital network security risk. Cybercrime losses decrease with fewer risks.
Thus, establishments that invest in employee cyber security awareness training should see
a return. Additionally, if every employee receives training in the best practices for cyber
security, there will be a reduced risk of protection gaps occurring in the event that an
employee leaves the company. You'll reduce the likelihood of a security breach due to a
organizations that do not have a good reputation, so a company that employs people who
are aware of the importance of information security will have a better reputation among
Cyber Security Preparedness: An Assessment 31
customers. Negative publicity from repeated security breaches will drive customers away.
Terra, J.(2023
The “Regular updates of software and system to minimize the risk of a successful
attack” also received the highest. Having regular updates minimizes the risk of potential
cyber threats, this is due to the system being updated to protect itself from the latest virus
and malware. Numerous software updates contain security patches. These updates are
intended to fix vulnerabilities that cybercriminals could exploit. These security patches
cybercriminals the opportunity to exploit them and gain access to your home and system.
Caldwell, N. (2022)
such as law enforcement and cybercrime experts, to respond to and resolve a cyber-
attack” received the highest, this indicates that Information Technology students as to
their expertise strongly agree that it is very important to have collaboration with relevant
responsible for a diverse set of tasks and competencies in order to safeguard a company's
data and IT infrastructure. The main objective of Cyber Security expert is to conduct a
thorough analysis of potential threats and risks, as well as evaluate the impact of new and
existing systems and technologies on business operations. The goal is to mitigate any
risks and address any issues related to performance and capacity. The process of
conducting audits and vulnerability assessments on operating systems, web servers, and
Cyber Security Preparedness: An Assessment 32
procedures to ensure the city can quickly restore normal operations following a
successful attack”. Received the highest. This indicates that Information Technology
students according to their expertise, strongly agree that after the attack phase, it is very
important to have a regular backup to have so that the operation back to normal function
can quickly happen. The creation of backups is an essential part of data protection.
Important files can be saved from the inevitability of losing them in the event of data loss
situations caused by common events such as a system crash, malware infection, hard
backups, preferably daily or weekly. Data is the most valuable asset a company can
possess. Sixty percent of businesses are unable to continue operations for even six
months after suffering data loss, according to one study. When data is consistently backed
up, one can protect their data and ensure business continuity in the event that data is lost.
SUMMARY OF RESULTS
Conclusion
Following are the conclusions that were obtained from the analysis of the researcher’s
1.The survey conducted obtained results from the expertise of Information Technology
students, the output shows that in the proactive countermeasures “Employee Training and
Seminars” and “Regular security audits and risk assessment” are the ones that should be
an organization's digital network security risk, and Having regular updates minimizes the
specialists are responsible for a diverse set of tasks and competencies in order to
3.Results from the survey shows that the respondents strongly agree, on the
implementation of “Regular backup and disaster recovery procedures to ensure the city
can quickly restore normal operations following a successful attack.” this countermeasure
received the highest recommendation on the recovery phase. The creation of backups is
an essential part of data protection, it is very important to have a regular backup to have
4.The results gathered gave insights and understanding to the researchers to come to the
conclusion, that the different countermeasures provided in the verbal descriptions all falls
Students.
Recommendation
1.1. Regular security audits and risk assessments to identify potential threats and
security. Implementing this will help the establishment to lessen the potential
threats to happen.
1.2. Employee training and awareness programs to educate staff on how to recognize
stop the spreading of the virus to the main data by limiting it and preventing it to
1.4. Regular updates of software and systems to minimize the risk of a successful
attack. Updating software is a must because attackers will try to breach the
system but by updating the software regularly will be a hard time to decode by
the attackers.
1.5. Collaboration with other organizations and industry groups to share information
and best practices for cybersecurity. Having communication with others will
greatly affect the cyber security in a positive way in which they can share what is
2. Reactive Countermeasures are the response when the Cyber Attack is happening. The
2.1 Establishing a rapid response team to handle the initial stages of a cyber-attack. It
is very important to establish a rapid response team in the initial stages of attack to
2.2 Deployment of tools and procedures to contain the damage and prevent further
using tools to counter and contain the damage to prevent it from worsening.
successful attack. Assessing the extent of damage by the Cyber Attack will determine
Cyber Security Preparedness: An Assessment 36
the probable loss of an establishment and will help in finding possible solution to
2.4 Regular testing and simulation of the city's incident response plan to ensure its
readiness in the event of a real attack. Drills and simulation are important to assess
and prepare the establishment and its employees in real Cyber Attack situations.
Cyber Attack, collaboration with relevant authorities and experts will greatly help in
dealing and containing the Cyber Attack that will prevent further spread of damage to
the system .
3. Recovery Countermeasures are the actions taken after the Cyber Attacked breached
Cyber Security. The plans and procedures are to be recommended for establishments:
3.1 Establishment of a cyber incident response plan to guide the city's actions in the
incident response plan that updates all the new potential dangers and actions to be
taken . This will further enhance the response plan of the establishment.
3.2 Regular backup and disaster recovery procedures to ensure the city can quickly
an establishment is crucial, not only due to potential cyber threats that are existing but
Cyber Security Preparedness: An Assessment 37
also to a variety reasons that can affect the physical aspect of the system. If a backup
exists, the regular operation of the establishment can resume as soon as possible.
integrity, and availability of information within the digital environment, the purpose
of implementing these measures is to ensure that they are put into place.
employees, customers, and the public, of the extent of the damage and the steps taken
having information and giving awareness will prevent future attacks and can
3.5 Evaluation of the effectiveness of the city's recovery plan and making
improvements for the future. Evaluation of the effectiveness of the recovery plan and
response to the challenges posed by a crisis or disaster and assessing their impact. The
objective is to identify any gaps or weaknesses in the plan and develop suggestions
REFERENCES
Alharbi, T., & Tassaddiq, A. (2021). Assessment of Cybersecurity Awareness among
Students of Majmaah University. Big Data and Cognitive Computing, 5(2), 23.
https://doi.org/10.3390/bdcc5020023
https://reader.elsevier.com/reader/sd/pii/S1877042813011403?
token=E47A222EDDAF16F1E90A8FEC51547FC7F3CAB1446FB48F2378946F
85F0BC92FA0881B138401FED2728DC61C79BD8ECA6&originRegion=eu-
west-1&originCreation=20230507125221
Amanda N. Craig, JD, Scott J. Shackelford, JD, PhD, & Janine S. Hiller, JD (2015)
PHILIPPINES. https://acg.pnp.gov.ph/main/about-us/20-publications/42-
cybercrimethreat-landscape-in-the-philippines.html
https://www.nccoe.nist.gov/sites/default/files/2022-02/mfg-recovery-project-
descriptiondraft.pdf
Baxter, M (2018, September 28) We are the champions: fighting cybercrime needs
https://www.information-age.com/fighting-cybercrime-123475052/
https://www.bexar.org/694/Five-Phases
forquantitativeresearch/?
ref=1d10f08780852c55&fbclid=IwAR3_zB_03Qgy89r4ELl1QwuF9jkrcFddUi
rSb_Z7AXVC47gYQsSD7WTm9Mw
Philippines. https://www.ndcp.edu.ph/philippine-cybersecurity-in-retrospect-
2016-2021/#:~:text=Challenges%20and%20Implications%20to%20Philippine
%20National%20Security&text=Similarly%2C%20the%20Philippines%20ranked
%204th,increased%20tremendously%20at%20433%20percent
Techtarget. https://www.techtarget.com/searchsecurity/feature/Lack-of-
cybersecurity-skills-fuels-workforce-shortage
Ernst von Glasersfeld (2002) Cybernetics and the Theory of Knowledge UNESCO
2002. http://vonglasersfeld.com/255
https://www.purdue.edu/research/dimensions/important-considerations-
forprotecting-human-researchparticipants/#:~:text=Confidentiality%20represents
%20upon.
/24598#:~:text=This%20involves%20reacting%20to%20an,the%20cheating
%20ha s%20already%20occurred
Infopulse (2017, July 21). How to Minimize Risks of Cybersecurity Attacks: Reactive vs
ofcyber security-attacks-reactive-vs-proactive-approach
Ismail, N (2019, February 14) Cyber security professionals struggling to balance under
Cyber Security Preparedness: An Assessment 43
securityprofessionals-pressure-123479167/
Johns, E (2021) Cyber Security Breaches Survey 2021. Department for Digital, Culture,
_Security_Breaches_Survey_2021_Statistical_Release.pdf
World. https://www.bworldonline.com/top-stories/2022/09/23/476285/philippine
healthcare-among-most-vulnerable-to-attacks-kaspersky/
https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security
Lakhwani,S. (n.d) Cyber Security Specialists: Skills, Roles & How to Become One.
https://www.knowledgehut.com/blog/security/all-about-cyber-security-expert
Scribbr.https://www.scribbr.com/methodology/descriptiveresearch/?
fbclid=IwAR2lygQBaz3hwy5xJIE6E8jdBCFXyNCleScuWMy8M8xpNrSpyD
3xFKeJpvE#:~:text=Descriptive%20research%20aims%20to
%20accurately,investigate% 20one%20or%20more%20variables
ASEAN and the Philippines. Center for International Relations and Strategic
Studies. http://hdl.handle.net/11540/6934.
https://www.planettogether.com/blog/how-technology-plays-a-role-in-
modernmanufacturing
https://www.pna.gov.ph/articles/1168257
Think?."https://www.ponemon.org/local
https://www.techtarget.com/searchsecurity/definition/cyber-attack
Rikhi, I. Arora, R. (2022) Why You Should Always Backup Your Data.
https://www.stellarinfo.com/blog/always-backup-data/
Rowe, D. C., Lunt, B. M., & Ekstrom, J. J. (2011, October). The role of cyber-security in
https://www.researchgate.net/profile/Kyle-Sulabo/publication/309681709
12715af21bff/Cyber-Crime-Effects-to-Businesses-in-Philippines.pdf
20202021.Statista. https://www.statista.com/statistics/1268283/philippines-
amount-ofcyberattacks/#:~:text=In%20June%202021%2C%20there
%20were,much%20as%20arou nd%201.76%20million.
Cyber Security Preparedness: An Assessment 45
https://www.simplilearn.com/importance-of-security-awareness-training-article
https://www.sciencedirect.com/science/article/pii/S2352484721007289
APPENDICES