2. CYBER SECURITY DOMAIN
DOMAIN INITIAL INPUTS/CHALLENGES
PROCESS
Outdated PNP CampNet Guidelines and Procedures;
Lack of standard policy in developing a secured
Information System;
Delay in the implementation of PNP MC No. 2021-180
entitled, “Guidelines and Procedures for the PNP to
be a Cybersecurity-Compliant Organization”;
3. CYBER SECURITY DOMAIN
DOMAIN INITIAL INPUTS/CHALLENGES
PROCESS
Limited scope of SOP No. 2021-02 entitled, “ITMS
Computer Emergency Response Team (CERT)
Guidelines and Procedures”
Outdated PNP ICT Security Manual (2010-01)
4. CYBER SECURITY DOMAIN
DOMAIN INITIAL INPUTS/CHALLENGES
PROCESS
Absence of Policy and SOP on cybersecurity related
incident reporting, response and remediation
Manual reporting of security incidents
No standard procedure/checklist in incident
response
Limited knowledge and awareness in the processes
required to operate a CSOC
5. CYBER SECURITY DOMAIN
DOMAIN
INITIAL INPUTS/CHALLENGES
(in bullet form)
PROCESS
Existing:
PNP
• Outdated PNP CampNet Guidelines and Procedures (2006)
• Lack of policy in the implementation of Vulnerability Assessment (VA) and
Penetration Testing (PT) (scanning limitation)
• Lack of standard policy in developing a secured Information System
(security by design) (modification of PNP MC 2014-033)
• Delay in the implementation of PNP MC No. 2021-180 entitled,
“Guidelines and Procedures for the PNP to be a Cybersecurity-Compliant
Organization”;
note: delay in the procurement of VA tool, for programming of PT
• SOP No. 2021-02 entitled, “ITMS Computer Emergency Response Team
(CERT) Guidelines and Procedures”
• PNP ICT Manual
• Physical access policy (ITMS server room)
• 24/7 ITMS Help Desk
Group 2
6. CYBER SECURITY DOMAIN
DOMAIN
INITIAL INPUTS/CHALLENGES
(in bullet form)
PROCESS
Others (Outside PNP)
• RA 10173 Data Privacy Act
• RA 10175 Cyber Crime Prevention of Act 2012
• RA8792 Ecommerce Act-
• DICT MC-006 – Prescribing the Policies, Rules and Regulation on the
Protection of Government Agencies Stipulated in the national
Cybersecurity Plan (NCSP) 2022
Needed:
• No Penetration Testing Tools
• Cybersecurity Policy
Group 2
Editor's Notes
note:
delay in the procurement of VA tool, for programming of PT
Ongoing implementation of Vulnerability Assessment (VA) tool
(scanning limitation)
- Delayed response time
Notes:
PNP CampNet Guidelines and Procedures was crafted in 2006
security by design and modification of PNP MC 2014-033
delay in the procurement of VA tool, for programming of PT tool