NARRATIVE/POST-ACTIVITY REPORT
Information Security Awareness Series for Area II
BSA Twin Towers, Ortigas Center, Mandaluyong City
March 25-26, 2015
I. Introduction
Pursuant to Special Order No. 1553, series of 2014, and in conformity with Office Order No.
0143, series of 2012, entitled Strengthening of Corporate Information Security through Security
Education Training and Awareness (SETA) Program, the activity served as an avenue to
communicate security requirements and provided an opportunity to discuss relevant
existing corporate policies and agree on vital concerns regarding the confidentiality,
integrity, and availability of Corporate information. It also aimed to capacitate the
participants in improving their knowledge of information security management, each
one being an information manager, by inviting expert resource speakers in the
fields of information security, the Data Privacy Act of 2012, and the Cybercrime Prevention Act.
The activity was held on March 25-26, 2015 at the BSA Twin Towers, Ortigas Center,
Mandaluyong City.
II. In attendance
The event was attended by Regional Vice Presidents (RVPs), Division Chiefs, and
LHIO Heads from Area II. Furthermore, President and CEO Alexander A. Padilla also
graced the event and imparted an enlightening message as well as the recent Corporate
developments in terms of employee benefits. For a complete list of participants,
attached is a copy of SO # 453 series of 2015.
III. Event Proper
DAY 1
The event commenced on March 25, 2015 at 9:00AM. Francisco E. Sarmiento III of
the InfoSec served as the master of ceremonies and facilitator for the two-day activity. At
9:00AM, a prayer was led by Dr. Cynthia Camacho from PRO NCR-North.
The prayer was immediately followed by the singing of the National Anthem and the
PhilHealth Hymn, led by Mr. Sarmiento.
Afterward, welcome remarks were imparted by AVP Shirley B. Domingo, MD. AVP
Domingo took the opportunity to publicize her plans for Area II considering that all
the participants were from Area II.
teamphilhealth
www.facebook.com/PhilHealth
www.youtube.com/teamphilhealth
actioncenter@philhealth.gov.ph
In any event, the most important consideration is the participants. With this, Irene P.
Martinez from the InfoSec acknowledged all the participants. After acknowledging
and welcoming each other, OIC-SM Ronald Allan C. Pablo presented all about
information security including its history, mandate, and others.
A. Introduction to Information Security
Ronald Allan C. Pablo, OIC-Senior Manager of InfoSec, presented all about the
Corporate Information Security Department (InfoSec), its history and mandate.
Mr. Pablo discussed briefly the what, who, and how of Information Security.
Furthermore, he mentioned that the event is just a start of a series of information
security awareness undertakings.
B. Data Privacy Act of 2012 and Cybercrime Prevention Act
After Mr. Pablo's presentation, the first speaker, Atty. Wendell Bendoval from the
Department of Justice, was introduced by InfoSec Division Chief Annie Rose B.
Gaffud. Atty. Bendoval discussed the Cybercrime Prevention Act as well as the
Data Privacy Act of 2012. At 12:00PM, the participants had a lunch break and the
event resumed at 1:30PM.
At 1:30PM, an open forum ensued. The succeeding table shows the
questions/clarifications/issues raised by the participants:
Questions/Clarifications/Issues
In terms of national security and public interest, are the following actions justifiable?
1. During Pope Benedict's visit in the Philippines, telecom signals were jammed
2. Wire-tapping
With regard to the Garci case, the law shall prevail. The recording of such conversation is not
admissible because it violated the anti-wiretapping law. Any conversation should not be recorded
without the consent of both parties.
In the absence of an IRR of the Data Privacy Act, can we use it as a legal basis?
Yes. The right to privacy is already embedded in our Constitution. The law is already effective. In
the absence of the IRR, there is a Supreme Court issuance, specifically the Writ of Habeas Data, that
can be used as a remedy.
Cybercrime Prevention Act
In the absence of an IRR, the law is still effective. In the administrative aspect, the IRR serves only as
guidelines to fill in the gaps.
Are we not violating any law considering that we process transactions using the PMRF
without any documentary requirement? (Leniency to attain universal coverage)
It is recommended that the identity should be verified.
If anonymized aggregate data, no restrictions. Revisit and reiterate Office Order No. 0042, series of
2014.
In the general principle of open government, since
this is where we are heading, the owner of the
shared data should be PhilHealth. The concept
of proportionality should be considered.
Open data policy states that all information
collected by the government is government data,
as long as it is allowed by existing policy and that policy is
complied with.
There being no more issues and concerns addressed to Atty. Bendoval, his
discussion ended at 2:00PM.
C. Information Security-Related Policies
Monaliza Toledo, ISA III of the InfoSec, discussed some of the information security-related
policies through a game called Jeopardy. The participants were grouped
into seven (7) groups and played the game. The questions covered information security-related
policies. After the game, the winning group was proclaimed and the
questionnaires were discussed by Ms. Toledo, who likewise explained the policies.
Also, Irene Martinez of the InfoSec
them to answer questions posted
information security-related policies.
Paolo Johann Perez was declared
afterwards.
Day 2
On the next day, the activity continued at 9AM. Another resource speaker, an expert in the field
of Information Security, was introduced by Mike Gerard Rey C. Pea of the InfoSec.
John I. Macasio is a manager at Redfox Technologies Philippines Incorporated. He leads the
group responsible for education technology development, strategic partnership and customer
engagement for the company, which is focused on research and development, manufacturing and
distribution of innovative technologies of information and communication.
Mr. Macasio underscored that each of the participants is an information security manager. This
management has just become complicated due to technology and the network society.
The subsequent paragraphs show some of the topics he discussed:
I. Information Security Essentials - Safety in Workplace
Indicators (rated as Secure, Partially Secure, or I do not Know):
Data Privacy
Access Availability
System Integrity
Cybercrime
The result of the workshop showed that the majority of the participants agreed that, from among
the indicators, they think and feel that they are Partially Secure. Another workshop
sought to assess what participants have for security and how they are meant to
secure.
Indicators (rated as Fully Known, Partially Known, or I do not Know):
&
4. Data Processing
5. Document Handling
6. Computer Network
While the SETA Program activity, such as the one conducted, is just the start of a
series of awareness undertakings, it was astounding that the participants answered
that they Partially Know the indicators stated above.
Essential Questions of Information Security
What particular procedure must everybody know to identify the
security risk of information?
What particular policy must everybody know to speak of principles and
guidance of assuring confidentiality, availability and integrity in the creation,
safekeeping and release of information?
Who is responsible for auditing the compliance of in-house and out-source
information systems to the defined information security requirements?
How is the integrity of information validated and verified?
How is the confidential value of information defined and assured?
Who investigates when information is compromised?
What process ensures the detection of breach in confidentiality of
information?
When do you consider information is misrepresented?
Basic Methods and Tools of Information Security
Layered Approach to Security
Mitigating Information Security Risk
Security Policy Requirement
Information Security Risk Assessment
The session of Mr. Macasio on Information Security ended at 4:30PM.
Closing Remarks
Closing remarks imparted by Mr. Pablo marked the finale of the first run of the Information
Security Awareness Series activity of the InfoSec for Area II.
The subsequent page contains some of the pictures taken during the event.
Prepared by:
Irene P. Martinez
ISA III, InfoSec
Noted by:
Annie Rose B. Gaffud
Division Chief