TG11 Fin 076
“The man who does not read books has no advantage over the one who cannot read them.” — Mark Twain
A. LESSON PREVIEW/REVIEW
Introduction
Ola! How was your first assessment? Did you find it easy? We are done discussing the core
banking system and the migration to cloud-based core banking system. Today, we will be talking
about the security and control mechanisms in banking.
Please read the learning targets before you proceed to the succeeding activities. The learning
targets are your goals. Remember, you need to achieve your learning targets at the end of the lesson.
B. MAIN LESSON
Activity 1: Content Notes
Below are the notes about special topics in banking & microfinance. You may underline or
highlight words or phrases that you think are the main focus of the lesson.
2. Authorization
Authorization is the process by which a computer system or individual grants access to a user
for various reasons. It protects critical resources in a system by limiting access only to
authorized users and their applications. It prevents the unauthorized use of a resource or the
use of a resource in an unauthorized manner.
3. Auditing
Auditing is the process of recording and checking events to detect whether any unexpected or
unauthorized activity has taken place, or whether any attempt has been made to perform such
activity.
4. Confidentiality
The confidentiality service protects sensitive information from unauthorized disclosure.
5. Data integrity
The data integrity service detects whether there has been unauthorized modification of data.
Security Mechanisms are technical tools and techniques that are used to implement security services.
A mechanism might operate by itself, or with others, to provide a particular service. Examples of
common security mechanisms are as follows:
1. Cryptography - is the process of converting between readable text, called plaintext, and an
unreadable form, called ciphertext.
a. The sender converts the plaintext message to ciphertext. This part of the process is
called encryption (sometimes encipherment).
b. The ciphertext is transmitted to the receiver.
c. The receiver converts the ciphertext message back to its plaintext form. This part of the process is
called decryption (sometimes decipherment).
2. Message digests and digital signatures - a message digest is a fixed-size numeric representation of
the contents of a message, computed by a hash function. A message digest can be encrypted, forming a
digital signature.
Messages are inherently variable in size. A message digest is a fixed size numeric
representation of the contents of a message. A message digest is computed by a hash function, which
is a transformation that meets two criteria:
a) The hash function must be one way. It must not be possible to reverse the function to find the
message corresponding to a particular message digest, other than by testing all possible
messages.
b) It must be computationally infeasible to find two messages that hash to the same digest.
3. Digital certificates - provide protection against impersonation, because a digital certificate binds a
public key to its owner, whether that owner is an individual, a queue manager, or some other entity.
Digital certificates are also known as public key certificates, because they give you assurances
about the ownership of a public key when you use an asymmetric key scheme.
A digital certificate contains the public key for an entity and is a statement that the public key
belongs to that entity:
a. When the certificate is for an individual entity, the certificate is called a personal certificate or user
certificate.
b. When the certificate is for a Certificate Authority, the certificate is called a CA certificate or signer
certificate.
4. Public Key Infrastructure (PKI) - is a system of facilities, policies, and services that supports the
use of public key cryptography for authenticating the parties involved in a transaction.
There is no single standard that defines the components of a Public Key Infrastructure, but a
PKI typically comprises certificate authorities (CAs) and Registration Authorities (RAs). CAs provide the
following services:
a) Issuing digital certificates
b) Validating digital certificates
c) Revoking digital certificates
d) Distributing public keys
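The notes on message digests and digital signatures above can be seen in code. This is an added example, not part of the original lesson: it shows that a digest has a fixed size, that a bare digest does not reveal a change when the digest is replaced along with the message, and that a signed digest does. The key pair (textbook RSA built from two Mersenne primes, no padding), the function names and the payment messages are constructed for illustration.

```python
import hashlib

# Constructed toy key pair: textbook RSA from two Mersenne primes.
# Illustration only; production signatures use a vetted library,
# randomly generated primes and a padding scheme.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

# Constructed sample messages.
ORIGINAL = b"PAY 1,000.00 PHP TO ACCT 0001"
TAMPERED = b"PAY 9,000.00 PHP TO ACCT 0001"


def digest(message: bytes) -> bytes:
    """Fixed-size (32-byte) SHA-256 digest of a variable-size message."""
    return hashlib.sha256(message).digest()


def bare_digest_check(message: bytes, sent_digest: bytes) -> bool:
    """Integrity check using an unprotected digest sent with the message."""
    return digest(message) == sent_digest


def sign(message: bytes) -> int:
    """Sender: transform the digest with the private key to form a signature."""
    return pow(int.from_bytes(digest(message), "big"), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the digest with the public key and compare."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == int.from_bytes(digest(message), "big")


if __name__ == "__main__":
    sig = sign(ORIGINAL)
    print("digest sizes:", len(digest(b"")), len(digest(b"x" * 10_000)))
    print("original verifies:", verify(ORIGINAL, sig))
    # Whoever alters the message can also recompute a bare digest ...
    print("bare digest, altered pair:",
          bare_digest_check(TAMPERED, digest(TAMPERED)))
    # ... but cannot produce a valid signature without the private key.
    print("signature, altered message:", verify(TAMPERED, sig))
```
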
Now, let us proceed to the activities that will strengthen your knowledge of the topic.
Let’s practice! Answer each activity to test your understanding of the lesson. I know you can do
this! You may start now.
Exercise No. 1: Read each statement carefully. Identify what is being referred to in each
number. Write your answer on the space provided.
________________________1. These are technical tools and techniques that are used to
implement security services.
________________________2. It is the ability to prove that a user or application is genuinely
who that person or what that application claims to be.
________________________3. This is the process of converting between readable text,
called plaintext, and an unreadable form, called ciphertext.
________________________4. It protects critical resources in a system by limiting access only to
authorized users and their applications.
________________________5. This is a system of facilities, policies, and services that supports the
use of public key cryptography for authenticating the parties involved in a transaction.
________________________6. It is the process of recording and checking events to detect
whether any unexpected or unauthorized activity has taken place, or whether any attempt has
been made to perform such activity.
________________________7. These provide protection against impersonation, because a digital
certificate binds a public key to its owner, whether that owner is an individual, a queue manager, or
some other entity.
________________________8. This protects sensitive information from unauthorized disclosure.
________________________9. It is a fixed size numeric representation of the contents of a
message, computed by a hash function.
________________________10. This detects whether there has been unauthorized modification of
data.
You may now see the correct answer on the last page. How many correct answers did you get?
Write it on the space before the instruction. I hope this activity helped you in this lesson.
Exercise No. 2: Classify the following authentication methods. Write UK for User Knows, UP for
User Possesses, UB for User Behaviors, and UPC for User’s Physical Characteristics. Write
your answer on the space provided.
You may now see the correct answer on the last page. How many correct answers did you get?
Write it on the space before the instruction. I hope this activity helped you in this lesson.
You may check the correct answers for this activity on the last page. How many correct answers
did you get? Write your score on the space before the instruction on this exercise.
C. LESSON WRAP-UP
Activity 4: FAQs
A. Work Tracker
You are done with this session! Let’s track your progress. Shade the session number you just
completed.
1. Please read again the learning targets for the day. Were you able to achieve those
learning targets? If yes, what helped you achieve them? If no, what is the reason for not
achieving them?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
KEY TO CORRECTIONS
Skill-Building Exercises
Exercise No. 1
1. Security mechanisms
2. Authentication
3. Cryptography
4. Authorization
5. Public Key Infrastructure
6. Auditing
7. Digital certificates
8. Confidentiality service
9. Message digests
10. Data integrity service
Exercise No. 2
1. UK
2. UPC
3. UK
4. UPC
5. UK
6. UB
7. UP
8. UB
9. UP
10. UB
TEACHER-LED ACTIVITIES
Since this session will be face-to-face, the teacher may conduct a micro lecture about human resource
management, its functions, and its features. The teacher may also entertain questions from students and
allot 5-10 minutes for this activity.