POLICING THE CYBERSPACE: CYBERSECURITY MANAGEMENT OF PHILIPPINE NATIONAL POLICE INFORMATION SYSTEMS
Type
Thesis
Authors
Category
Publication Year
2020
Abstract
The Philippine National Police’s challenges in cybersecurity is enormous since cyber threats exist in an enormously large and volatile environment of cyberspace. Vulnerabilities constantly emerge extremely very fast. In order to protect the PNP organization, personnel, clientele and services from security breaches, the PNP must implement proactively cybersecurity measures.
The uncertain movement of information in the internet is very challenging in coming up with a comprehensive cybersecurity management system. The cyberspace is a continuous changing field.
This study entitled, “POLICING THE CYBERSPACE: CYBERSECURITY MANAGEMENT OF PHILIPPINE NATIONAL POLICE INFORMATION SYSTEMS”, therefore, looked on the current state of cybersecurity management of PNP Information Systems in terms of Policies, Human Resource, Facility and Technology; the problems identified in cybersecurity management of PNP Information Systems relative to Policies, Human Resource, Facility and Technology; the solutions that can be proposed to address the problems in cybersecurity management of PNP Information Systems; and the action plan that can be proposed based on the findings of the study.
Qualitative method was used to gather data on existing laws, policies, human resources, facilities and technology involved in the entire operation of a particular PNP Information System, Qualitative mode of interview was selected on this technical paper on cybersecurity to sought out ideas from cybersecurity experts and the actual challenges experienced by PNP personnel developing, deploying and managing Information Systems. In this paper, the researchers studied the implementation of cybersecurity management specifically in the Drug Related Data Integration and Generation System (DRDIGS).
Primary sources of data for this research were Key Informant Interviews with three Subject Matter Experts from ICT sectors and Department of Information and Communications Technology, and Information Technology Project Officer deployed at the National Capital Region Police Regional Office (NCRPO) and Police Regional Office 8; and Focus Group Discussion with Database Administrator and Systems Developer from Information Technology Management Service.
It was revealed in the study that there is no existing comprehensive Cybersecurity Management Policy in the PNP and informants were unaware of the existing PNP Information Assurance Policy which provides policies and guidelines on the protection of PNP data and information resources, There is a gap between the PNP ITMS and ACG in terms of Cybersecurity Functions, for the reason that there is no common lexicon that would harmonize the duties and responsibilities of both PNP Units to avoid overlapping of tasks. The PNP personnel performing cybersecurity functions require sufficient training in cybersecurity. The PNP lacks the facility and technology which limits the capability of ITMS and ACG personnel to combat cybercriminals. An Action Plan is needed to develop the PNP Cybersecurity Management System with the following activities; (a) Formulation of polices on cybersecurity management; (b) Enhancement of Human Resource capabilities and competencies; and (c) Establishment of physical facility with the top of the line and sophisticated technologies and (d) appropriate cybersecurity tools that will support the PNP organization in carrying out its mandate in keeping the Safety of the PNP Information Systems in the Cyberspace.
In view of the foregoing conclusions, it was recommended that the PNP should formulate a comprehensive Cybersecurity Management Policy adopting international and local policies and standards to be cascaded through cybersecurity awareness program, to ensure that all PNP personnel will have a clear understanding and be aware of the importance of securing PNP IT assets and each of one has the role to perform in securing such assets and the consequences of a breach to the organization. The PNP shall provide a common lexicon that would harmonize the duties and responsibilities of PNP ITMS and ACG adopting the international standard on Cybersecurity Workforce Framework. The PNP shall build human resource capacity through training based in solid foundations and fundamentals. Strong foundations and fundamentals on implementing security controls in Operating System, Applications and Hardware. The PNP shall establish top of the line facility with sophisticated technologies and appropriate cybersecurity tools that will support the PNP organization. The PNP shall implement an Action Plan to develop the PNP Cybersecurity Management System which shall be supervised by DICTM.
The uncertain movement of information in the internet is very challenging in coming up with a comprehensive cybersecurity management system. The cyberspace is a continuous changing field.
This study entitled, “POLICING THE CYBERSPACE: CYBERSECURITY MANAGEMENT OF PHILIPPINE NATIONAL POLICE INFORMATION SYSTEMS”, therefore, looked on the current state of cybersecurity management of PNP Information Systems in terms of Policies, Human Resource, Facility and Technology; the problems identified in cybersecurity management of PNP Information Systems relative to Policies, Human Resource, Facility and Technology; the solutions that can be proposed to address the problems in cybersecurity management of PNP Information Systems; and the action plan that can be proposed based on the findings of the study.
Qualitative method was used to gather data on existing laws, policies, human resources, facilities and technology involved in the entire operation of a particular PNP Information System, Qualitative mode of interview was selected on this technical paper on cybersecurity to sought out ideas from cybersecurity experts and the actual challenges experienced by PNP personnel developing, deploying and managing Information Systems. In this paper, the researchers studied the implementation of cybersecurity management specifically in the Drug Related Data Integration and Generation System (DRDIGS).
Primary sources of data for this research were Key Informant Interviews with three Subject Matter Experts from ICT sectors and Department of Information and Communications Technology, and Information Technology Project Officer deployed at the National Capital Region Police Regional Office (NCRPO) and Police Regional Office 8; and Focus Group Discussion with Database Administrator and Systems Developer from Information Technology Management Service.
It was revealed in the study that there is no existing comprehensive Cybersecurity Management Policy in the PNP and informants were unaware of the existing PNP Information Assurance Policy which provides policies and guidelines on the protection of PNP data and information resources, There is a gap between the PNP ITMS and ACG in terms of Cybersecurity Functions, for the reason that there is no common lexicon that would harmonize the duties and responsibilities of both PNP Units to avoid overlapping of tasks. The PNP personnel performing cybersecurity functions require sufficient training in cybersecurity. The PNP lacks the facility and technology which limits the capability of ITMS and ACG personnel to combat cybercriminals. An Action Plan is needed to develop the PNP Cybersecurity Management System with the following activities; (a) Formulation of polices on cybersecurity management; (b) Enhancement of Human Resource capabilities and competencies; and (c) Establishment of physical facility with the top of the line and sophisticated technologies and (d) appropriate cybersecurity tools that will support the PNP organization in carrying out its mandate in keeping the Safety of the PNP Information Systems in the Cyberspace.
In view of the foregoing conclusions, it was recommended that the PNP should formulate a comprehensive Cybersecurity Management Policy adopting international and local policies and standards to be cascaded through cybersecurity awareness program, to ensure that all PNP personnel will have a clear understanding and be aware of the importance of securing PNP IT assets and each of one has the role to perform in securing such assets and the consequences of a breach to the organization. The PNP shall provide a common lexicon that would harmonize the duties and responsibilities of PNP ITMS and ACG adopting the international standard on Cybersecurity Workforce Framework. The PNP shall build human resource capacity through training based in solid foundations and fundamentals. Strong foundations and fundamentals on implementing security controls in Operating System, Applications and Hardware. The PNP shall establish top of the line facility with sophisticated technologies and appropriate cybersecurity tools that will support the PNP organization. The PNP shall implement an Action Plan to develop the PNP Cybersecurity Management System which shall be supervised by DICTM.
Number of Copies
1
