MASTER OF INFORMATION AND ... - UPOU Repository

(1)

MASTER OF INFORMATION AND COMMUNICATION STUDIES

Capstone Project

(2)

UNIVERSITY OF THE PHILIPPINES OPEN UNIVERSITY

MASTER OF INFORMATION AND COMMUNICATION STUDIES

FEDERICO GREGORIO

DIGITAL TRANSFORMATION OF N&T ENGINEERING ENTERPRISE

Automating Paper-Based Maintenance Checklist

Thesis Adviser:

Mari Anjeli Crisanto

Faculty of Information and Communication Studies

22 April 2022

Permission of the classification of this academic work access is subject to the provisions of applicable laws, the provisions of the UP IPR policy and any

contractual obligations:

Invention (I) Yes or No

Publication (P) Yes or No

Confidential (C) Yes or No

Free (F) Yes or No

(3)

Digital Transformation of N&T Engineering Enterprise 2 University Permission Page

DIGITAL TRANSFORMATION OF N&T ENGINEERING ENTERPRISE

“I hereby grant the University of the Philippines a non-exclusive, worldwide, royalty-free license to reproduce, publish and publicly distribute copies of this Academic Work in whatever form subject to the provisions of applicable laws, the provisions of the UP IPR policy and any contractual obligations, as well as more specific permission marking on the Title Page.”

“I specifically allow the University to:

Specifically, I grant the following rights to the University:

a. Upload a copy of the work in the theses database of the college/school/institute/department and in any other databases available on the public internet

b. Publish the work in the college/school/institute/department journal, both in print and electronic or digital format and online; and

c. Give open access to the work, thus allowing “fair use” of the work in accordance with the provision of the Intellectual Property Code of the Philippines (Republic Act No. 8293), especially for teaching, scholarly and research purposes.

FEDERICO GREGORIO April 22, 2022

Signature over Student Name and Date

(4)

Acceptance Page:

This paper prepared by FEDERICO GREGORIO with the title: “DIGITAL

TRANSFORMATION OF N&T ENGINEERING ENTERPRISE” is hereby accepted by the Faculty of Information and Communication Studies, U.P. Open University, in partial fulfillment of the requirements for the degree Course.

MARI ANJELI L. CRISANTO

Adviser (Date)

DR. ROBERTO FIGUEROA JR.

Program Chair (Date)

DR. DIEGO SILANG S. MARANAN Dean

Faculty of Information and Communication Studies

30 September 2022

7 October 2022

October 21, 2022

(5)

Digital Transformation of N&T Engineering Enterprise 4

Biographical Sketch

Federico Gregorio (born October 6, 1976) is a resident of Binan City and is

currently working as an Information Security Architect in an Electronics Manufacturing

company based in the United States. He is a solo parent with two children with ages

22 the eldest and 17 the youngest. He is the son of a humble tricycle operator

(deceased) and a proud domestic helper in Hong Kong for ten years. At a very young

age, Jojo (nickname) has a curious mind about how things work. He would often

disassemble toys and reassemble resulting in a different toy from the original. During

his secondary school years, he was very interested in computers. He first laid eyes on

a Commodore 64 and instantly fell in love with it. When he went to college, he took

Electronics and Communications Engineering but was not good with Calculus and

failed some of his math subjects. He then transferred to another University where he

took Computer Science. His thesis was a combination of Artificial Intelligence and 3D

Computer Graphics called Virtual Pets. He pursued a career in computers and started

out as a Technical Support Engineer and was very interested in Open Source. He was

given an opportunity to work as a Network and Systems Administrator for academe

where he applied open-source solutions to manage not just the computer laboratory

but the web presence of the institution as well. He then went on to work for an

Electronics Manufacturing company for ten years as a Network Engineer. Highly

interested in the Information Security aspect of the enterprise, he decided to combine

his knowledge and skills in network and decided to pursue a career. He spent the next

seven years in another Electronics Manufacturing company as an Information Security

Architect, helping defend the organization against attacks on the organization’s data.

(6)

Acknowledgment

Special thanks to the people that made this all possible. To my batch mates and classmates in various subjects, congratulations! To the professors and teachers' untiring devotion to the class. Your patience and understanding are highly

appreciated.

Thanks to my loved ones, without their support the author would not be here typing this document. My ever-loving pets Mochi, Kitsune, and Miri for their inspiration and loyalty.

And lastly, to the frontliners who have been at it for more than two years and

the author has nothing but respect for the dedication. You are truly an inspiration for

the whole nation.

(7)

Dedication

To my family, friends, and classmates.

(8)

Title Page i

University Permission Page ii

Acceptance Page iii

Biographical Sketch iv

Acknowledgment v Dedication vi Table of Contents vii

List of Tables viii

List of Figures ix List of Appendices x

ABSTRACT xi

CHAPTER I: THE PROBLEM DOMAIN 1

Statement of the Problem 1

Background and Objectives of the Project 1

Significance and Scope of the Project 2

Documentation of Existence and Seriousness of the Problem 2

Significance of the Study 2

CHAPTER II: REVIEW OF EXISTING ALTERNATIVES 3

CHAPTER III: APPROACH TO BE TAKEN IN THIS PROJECT 5

Theoretical Framework 5

Technologies you plan to consider or use 9

CHAPTER IV: CHAPTER PLAN 15

Plan for User Testing and Project Assessment 15

CHAPTER V: RESULTS AND DISCUSSION 23

CHAPTER VI: CONCLUSIONS 28

(9)

List of Tables

Table 1 Existing Alternatives 3

Table 2 Attack Surface Analysis 17

Table 3

Abuse Cases Threat Actor

18

(10)

List of Figures

Figure 1 Work Order Workflow 5

Figure 2 Relative Cost of Software Defects 6

Figure 3 Security Requirements 7

Figure 4 Secure Communication Path from User to Application/Database 8

Figure 5 Database Design 12

Figure 6

Abuse Cases Threat Actor 18

Figure 7

Vulnerability Chart 19

Figure 8 Common Vulnerabilities and Categories 20

Figure 9 Vulnerability Ranking 21

Figure 10 Services Running 21

Figure 11 System Usability Scale Summary 23

(11)

List of Appendices

A. GANTT CHART 32

B. SAMPLE FORMS OR DOCUMENTS 32

C. FLOW CHART AND SYSTEM FLOW 33

D. TEST PLAN 33

E. DIGITALGUARDIAN 37

F. SENTINELONE

37

G. RAPID7

38 H. UX DESIGN 39

I. SYSTEM ARCHITECTURE 44

J. COMPLETE PROGRAM LISTING 45

K. TECHNICAL REFERENCE 2608

L. USER MANUAL 2609

(12)

Abstract

This project addresses the need of the business to automate its current manual process. The current process involves manual and paper-based checklists with no checking and verification in place. This project implements an application that handles the automation of paper-based processes using computers. Process improvement in their core business includes faster turn-around time, less paperwork and storage requirement, instantaneous information retrieval, and work output integrity check.

N&T Engineering Enterprise (Pte) Ltd. is one of the few Mechanical and Electrical (M&E) Engineering specialists in Singapore with an established track record and a huge array of large clients in government, government-linked companies, and multinational corporations. They handle projects on Mission-Critical Facilities and Infrastructures (air/land/tunnel traffic infrastructure, immigration and checkpoint facilities, institutions, etc.), Mission-Critical Systems (monitoring and control systems, surveillance, support systems, fiber-optic network system, etc.), and Smart City Systems (IoT for Mission-Critical Facilities and Infrastructure).

Software Development Lifecycle is the framework and Project Management governs

the process during the development of the application. Asset, telecommunications,

and network security were implemented to protect data in motion, in transit, and at

rest.

(13)

1

Chapter I

THE PROBLEM DOMAIN Statement of the Problem

The N&T Engineering Enterprise (Pte) Ltd. is monitoring the status of surveillance camera (CCTV) equipment in Singapore. Their current workflow involves going to the site where the camera is installed and checking each diagnosis item to see if something is wrong with the equipment. This is currently done with pen and paper, and there is no process in place to verify if the Field Technician went to the location and did the actual inspection.

This procedure is repeated according to how frequent the check-up items are: these can either be on a weekly or monthly basis. This is then repeated for all the other cameras that will have to be checked.

Once the survey is done, it is passed through the Supervisor for checking. Upon finishing, the survey is then passed to the Manager for Approval.

Background and Objectives of the Project

Current process is paper based with a hard copy form checklist done by Field Technicians.

These forms are checked and approved by the management. The current process does not have a way to audit if fieldwork is done except for the accomplished form.

Paper-based forms also require additional work and manpower to file and arrange the records.

The organization is currently looking into a digital solution to its workflow. Thus, it is imperative

to investigate how this will be implemented with their workflow in mind.

(14)

The objective of this project is to address the following challenges:

1. Automate the process.

2. Digitized the forms.

3. Mitigate the risk of fraud.

Significance and Scope of the Project

The project will address the needs of the business and that is automating their current manual process of Work Order for CCTV inspection with security enhancements.

Documentation of Existence and Seriousness of the Problem

There were cases of Technicians where integrity is being challenged and reports are not handled properly. Although there is no direct evidence of fraud and collusion, this remains to be a question unanswered by the management.

Significance of the Study

Software Development is a challenging domain with so many new technologies every day.

Somehow, during the process Information Security is not considered and given priority. This

project attempts to consider and prioritize Information Security baked-in the process of software

development.

(15)

3

Chapter II

REVIEW OF EXISTING ALTERNATIVES

Off-the-Shelf

Commercial App

Gemba

Functionality Off-the-shelf commercial solutions offer limited generic functionality with no to minimal

customization that fits the business.

Gemba is fully- customizable that addresses the needs of the business.

Reports Management Requires additional cost to create additional templates.

Additional templates are highly customizable based on the end-user requirements and needs.

Workflow Logic Workflow logic requires third-party applications such as Sharepoint.

Workflow is built-in to the system.

Manpower Management Manpower management is limited to a certain number of users.

Scheduling is not an option.

Manpower is based on the business requirement including headcount and scheduling.

Reporting Limited search and report function. Requires

additional licensing cost.

Reporting is tightly aligned with the Reports Management.

Field Maintenance Checklist

Checklist is limited to a certain smartphone operating system only.

Can either work on

Android or IOS.

(16)

Dashboard None. Provides an at-a-glance view of the maintenance status. A geographic map of Singapore is displayed with information signals and audible sounds to alert certain thresholds and conditions.

Data Security None. Data is secured all throughout the lifecycle, from creation to

destruction whether the data is at rest, in motion or in process.

Gemba is an application built with data security in mind. All aspects of data from point A to point B are protected. The physical storage where data is stored is secured with Full Disk Encryption. The server and client communication are encrypted from end-to-end using VPN. And database security techniques include partitioning, tokenization, and polyinstantiation. During the development phase, a source code review was conducted, and the application was processed against security tool audits such as OWASP and vulnerability assessment.

Gemba is an application distributed with its source code to mitigate vendor lock-in. Any

enhancements can be added or modified as long as it conforms to the contract. The source code

can be reviewed or audited by third parties as part of secure coding practice.

(17)

5

Chapter III

APPROACH TO BE TAKEN IN THIS PROJECT Overview

Gemba was coined from the Japanese word meaning the actual place. This refers to the Japanese discipline that any challenges or issues must be solved by going to the place where the value is created. This is what exactly doing maintenance checklists is. The field technician is in the actual place where the assets are installed and maintained.

Fig 1 - Work Order Workflow

Theoretical Framework

A Management Information System (MIS) is an indispensable tool for decision-makers in an organization. With recent technological advancements, this can become synonymous with

"automation" and "digitalizing" the business, but, this just scratches the surface. Having the right

information using the right data and tools to come up with decisions at the right time is a must for

an organization to make the most appropriate of decisions.

(18)

Software Security requirements ensure security in the software development process. Potential security issues are identified at the very start rather than patched and fix it after production release which increases costs and risks and may result in rework.

Fig 2 - Relative Cost of Software Defects

The risk of not incorporating the core software security concepts (confidentiality, integrity,

availability, authentication, authorization, and auditing) early in the development phases results

in insecure software.

(19)

7

Fig 3 - Security Requirements

General:

●

Session management – design and implementation of controls to ensure that the communications channels are secured from unauthorized access and disruption of communications.

●

Exception management – the process of handling any errors that could appear during the system execution.

●

Configuration management – identification and management of the configuration

items (initialization parameters, connection strings, paths, keys).

(20)

Operational:

●

Deployment Environment: Identify and capture pertinent requirements about the environment in which the software will be deployed. -

●

Archiving: Identify the regulatory and business requirement for business continuity

●

Anti-piracy: Identity requirements for code obfuscation, code signing, anti- tampering, and IP protection mechanisms.

Other:

●

Sequencing and Timing: Identify sequencing and timing requirements to protect against race conditions of Time of Check/Time of Use (TOC/TOU) attacks.

●

International: Factor in any international requirements that include both legal and technological requirements

●

Procurement: Evaluate and communicate requirements if purchased.

Fig 4 - Secure Communication Path from User to Application/Database

(21)

9

Technologies You Plan to Consider or Use

The application code was deployed on-premises where the core services are hosted. The web service is only reachable and available in the office network. Remote requires VPN to connect as needed. This is one of the security controls in place to mitigate the risk of exposing data on the Internet. The application operates in a client-server model where the application communicates through the server and all information and data are stored in a database.

Application Layer

The application uses a secure code framework with security built in. Libraries such as sandboxing, encrypted shared preferences, encryption, and obfuscation are supported. Oracle Application Express is the base framework for developing the application.

Server and Database Layer

The server and database are hosted on a private cloud. Perimeter firewalls were deployed

to protect the incoming and outgoing traffic. Intrusion prevention systems were used to filter

network traffic. Anti-Malware was installed on the server with an Artificial Intelligence algorithm

to detect malicious codes even without the published signature (zero-day). Patch management

was implemented to mitigate the vulnerabilities in the Operating System and other applications

running on the server. A Data Leak Prevention (DLP) solution was also installed to prevent and

detect the exfiltration of sensitive information. A Security Incident and Event Management agent

were installed to forward all logs to a central repository for auditing and reporting purposes.

(22)

Client Layer

The client was installed with antimalware, patch management, DLP, and SIEM agents. A Virtual Private Networking (VPN) agent was installed in each connecting client.

System Design

a. System Features

REPORTS MANAGEMENT

Supervisors can create, modify and delete Report Template as needed by the business.

Initial deployment requires the migration of paper-based forms into digitized counterparts.

REPORTING

Supervisors to have the ability to export and search reports depending on time (daily, weekly, monthly, on-demand, etc.). Exportable format (PDF) can be saved on a local computer. Reports are searchable through filters.

RESOURCE MANAGEMENT

Supervisors can create, modify and delete resources as needed by the business. Initial deployment requires the migration of paper-based forms into digitized counterparts.

These include MANPOWER and MACHINES.

(23)

11

WORKFLOW LOGIC

Backend functionality where workflow for paper-based documents is computerized.

Automated functionality includes sending of notifications and approvals via email.

FIELD MAINTENANCE CHECKLIST

End-users have the ability to perform maintenance checklists based on the report template. Submitted forms are sent to the Supervisor for review and approval.

DASHBOARD

At-a-glance overview of the status of maintenance including a geographical map and pertinent information such as alerts on thresholds.

DATA SECURITY

Data is protected throughout the lifecycle from creation to destruction.

b. Database Design

The application is running a database with the following schema design:

(24)

Fig 5 - Database Design

(25)

13

Implementation Infrastructure

The private cloud data center is hosted in Kwun Tong, Hong Kong. The bare-metal machine is provided by Dell including the SAN storage. The network is protected by a 2-layer firewall deployment. Cisco ASA has a perimeter firewall, IPS, and the VPN server. Fortinet FortiGate is the Internet gateway as protection for web-filtering, application control, anti-malware, IPS, and DNS.

For authentication and authorization, a Domain Controller is deployed to centralize the user accounts and application of role-based access control (RBAC). The application server is forwarding all logs to a collector for the SIEM as part of accounting.

Vulnerability management plays an important role in the management of software weaknesses found in the operating system and software installed. Each vulnerability is rated according to its criticality and recommendations are listed such as installing software patches.

This is done through the InsightVM cloud solution, which scans weekly to check the system for vulnerabilities.

Application Layer

The application server is installed on the ESXi VMWare with Microsoft Windows Server

2019. Server hardening is applied where non-essential services are disabled. The software

development framework is done via Oracle Application Express, and the database engine is

Oracle. This application server is protected by SentinelOne antimalware software. Unlike

traditional antimalware software that relies on the signature, SentinelOne leverages AI to detect

malicious code which includes zero-day attacks. RAPID7 agent is also installed as SIEM to

forward logs and events including software vulnerabilities if any. DigitalGuardian acts as the DLP

(26)

agent, which monitors any file-related movement and prevents unauthorized exfiltration of confidential files.

Server and Database Layer

The VPN server is hosted in the Cisco ASA appliance. The domain is registered with a certificate from GlobalSign. This is to make sure that the communication between the server and the client is secure and authenticated. The AAA services are controlled by Cisco Identity Services Engine (ISE) via RADIUS protocol. Once the client initiates a connection, it authenticates using the Active Directory account assigned. Cisco ISE maps the security group assigned to the user (RBAC) and applies the correct authorization profile where it will only allow access to the specified server IP addresses.

Client Layer

The client is also protected by SentinelOne for antimalware, RAPID7 for SIEM, and

DigitalGuardian for DLP. The Cisco AnyConnect Client is a requirement to establish the VPN

connection for the application to be accessible either on the end-user PC or smartphone device.

(27)

15

Chapter IV CHAPTER PLAN

Plan for User Testing and Project Assessment A. User Testing

As part of the software development security, software testing is vital before distributing it for internal use.

Reasonableness Check

This ensures that the values returned by the application match the criteria that are within reasonable bounds. Maximum allowable units in the maintenance checklist such as the total number of devices should be within reasonable limits.

This also includes how it handles normal and valid input, incorrect types, out-of-range values, and other limits.

The tester assigned is not part of the development team to follow the separation of duties.

White-Box and Static Testing

Source code reviews were done by a vendor or third party. A consultant was assigned to check the source code if any programming flaws or vulnerabilities were present.

Dynamic Testing

This uses an automated process of checking the application while it is running. OWASP and vulnerability management software were used to conduct this type of testing.

User Acceptance Testing

User testing is done by selecting end-users using a test plan (Appendix - D Test Plan). The

test plan includes functionality and desired results if PASS or FAIL. Each test plan is submitted

to the development team and addressed if needed.

(28)

Any identified bugs or flaws go through a code review and proper maintenance and change management is in place. The change management document contains all the information including the code snippet and result of testing. The change management goes from request to change then release.

Regression Testing

This is conducted after a code change is released to the production environment. The user conducts the UAT using a predefined test plan.

B. Security Testing

Attack Surface Analysis

Using the manual method of measuring the exposure and potential for an application’s ingress and egress points to be exploited by the bad actor.

Each feature of the application is a potential attack vector that the malicious actor

could exploit. This is part of a threat modeling exercise done in the design phase.

(29)

17

TOTAL ATTACK SURFACE (BEFORE) = 80 REDUCED ATTACK SURFACE (AFTER) = 44

Data shows that the attack surface can be minimized either by - Reducing the number of components in a system

- Hardening the system, closing unnecessary ports and services - Mitigating software coding vulnerabilities

(30)

Abuse Cases

This is a variation of use cases. An abuse case is a use case where the outcome of the interaction negatively impacts the system, an actor, or a stakeholder of the system.

The negative impact can be considered an interaction that impacts security.

Fig 6 - Abuse Cases Threat Actor

Vulnerability Assessment

(31)

19

InsightVM Executive Summary

This report represents a security audit performed by InsightVM from Rapid7 LLC. It contains confidential information about the state of your network. Access to this information by unauthorized personnel may allow them to compromise your network.

Site Name

Start

Time End Time

Total

Time Status

Rapid7 Insight Agents

April 15, 2022, 23:58, HKT

April 16, 2022, 00:01,

HKT 2 minutes Success

The audit was performed on one system which was found to be active and was scanned.

Fig 7 - Vulnerability Chart

There were 1,177 vulnerabilities found during this scan. Of these, 209 were critical

vulnerabilities. Critical vulnerabilities require immediate attention. They are relatively easy

for attackers to exploit and may provide them with full control of the affected systems. 825

vulnerabilities were severe. Severe vulnerabilities are often harder to exploit and may not

provide the same access to affected systems. There were 143 moderate vulnerabilities

discovered. These often provide information to attackers that may assist them in mounting

(32)

subsequent attacks on your network. These should also be fixed in a timely manner, but are not as urgent as the other vulnerabilities.

Fig 8 - Common Vulnerabilities and Categories

There were 3 occurrences of the msft-cve-2019-1367 vulnerability, making it the most common vulnerability. There were 1,162 vulnerability instances in the Microsoft and Microsoft Patch categories, making them the most common vulnerability categories.

Fig 9 - Vulnerability Ranking

The flash_player-cve-2018-15982 vulnerability poses the highest risk to the organization with a risk score of 1,510. Risk scores are based on the types and numbers of vulnerabilities on affected assets.

One operating system was identified during this scan.

(33)

21

There were 5 services found to be running during this scan.

Fig 10 - Services Running

The FTP, IMAP, POP, and SMTP services were found on 1 system, making them the most common services.

Addressing the Vulnerabilities

As recommended by the report, installing the latest Microsoft patches resolved most of the issues. Uninstalling Adobe Flash also addresses some of these issues. And finally, shutting down the unused services port such as the FTP, IMAP, POP, and SMTP addresses the most common services.

Based on ZAPROXY findings, below are the vulnerabilities and their mitigation techniques:

1. Absence of Ant-CSRF Tokens - ensure that the application is free of cross-site

scripting issues. Oracle Apex has built-in security to mitigate this type of

vulnerability.

(34)

2. Cross-Domain Misconfiguration - ensure that sensitive data is not available in an unauthenticated manner. The application requires VPN access and this mitigates authentication vulnerability.

3. Missing Anti-clickjacking Header - modern web browsers support the Content- Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by the application.

4. Secure Pages Include Mixed Content - a page that is available over SSL/TLS must be comprised completely of content that is transmitted over SSL/TLS. Application is accessible only via HTTPS with a valid certificate from a reputable authority.

5. Vulnerable JS Library - the identified library is jquery-ui. Patching to the latest java

library will mitigate this vulnerability.

(35)

23

Chapter V

RESULTS AND DISCUSSION

Time management is something that needs to be considered when undertaking a project like this. The author is limited in resources and the pandemic is a real challenge. Besides work- life balance, having to spend time almost virtually 24x7 is equally challenging. Thankfully, with the age of the Internet and multiple ways to collaborate and find resources on the world wide web.

Maintenance of the application is part of the project. Post GO-LIVE activities include monthly preventive maintenance including vulnerability management. Software updates for the infrastructure, applications, database, and servers are monitored and audited.

Based on System Usability Scale conducted by the author on eight (8) pilot users. The result is overwhelmingly positive in usability and user experience.

Fig 12 - System Usability Scale Summary

(36)

(37)

25

(38)

(39)

27

(40)

Chapter VI CONCLUSIONS

Developing an application has never been easier than before. So many programming language frameworks to choose from and the learning curve is much easier. The real challenge lies in the security of data. While this project focuses on the digital transformation of the business, the real challenge was securing sensitive information of the company. Make sure that security is baked in and not sprayed on. Think about security even from the conceptualization stage. Let us not be trapped in the notion that software can be patched later. Let’s do things right the first time.

Due to the challenge of the pandemic, the application development still has room for improvement, and hopefully one day, the organization will be able to use this system fully in ways the business of N&T benefits.

Going back to the objectives of this project, all were met satisfactorily.

Automated the process? Full automation was achieved through the application. Including the workflow, the inventory, and the resource management.

Digitized the forms? No more paperwork to fill in, everything is in digital format and easy to use and read.

Mitigated the risk of fraud? Part of the system is to provide pictures taken from the site.

System audit logs keep track of the movement of work orders.

(41)

29

Chapter VII RECOMMENDATIONS

There is no perfect security. Newer attacks are detected daily whether it’s a SQL injection or XSS scripting. Information security is a continuous process and the way to mitigate is through process maturity. There are ways to securely communicate in the chaotic world of the Internet.

Administrative controls are ways that can teach users how to behave in certain scenarios.

Therefore awareness is such a big effort in business nowadays. Technical controls are always going to be managing hardware and software protection. Auditing has been a big part of Information security, and this should be a continuous effort.

With Gemba, there are still security gaps that need to be addressed. Mobile Device Management (MDM) is one. This would enable the business to protect confidential information that is stored in the smartphone device.

Penetration testing by a third party annually is also highly recommended. This is to ensure that any external-facing services are tested for any vulnerabilities and should be addressed if any.

(42)

REFERENCES

[1] Chapple, M., Stewart, J. and Gibson, D., 2018. (ISC)² CISSP Certified Information

Systems Security Professional Official Study Guide. 8th ed. New York: Sybex, pp.12-14, 186, 198-200, 256, 320-357, 360, 486-492, 540-545, 546-548, 609-612, 668-679, 681687, 688-690, 723-728, 872-909,.

[2] SentinelOne. 2021. SentinelOne | Autonomous AI Endpoint Security Platform. [online] Available at: <https://www.sentinelone.com/> [Accessed 4 May 2021].

[3] Rapid7. 2021. Cybersecurity & Compliance Solutions & Services | Rapid7. [online] Available at:

<https://www.rapid7.com/> [Accessed 4 May 2021].

[4] Digital Guardian. 2021. Digital Guardian. [online] Available at: <https://digitalguardian.com/>

[Accessed 4 May 2021].

[5] Cisco. 2021. Cisco - Networking, Cloud, and Cybersecurity Solutions. [online] Available at:

<https://www.cisco.com/> [Accessed 4 May 2021].

[6] Fortinet. 2021. Fortinet | Enterprise Security Without Compromise. [online] Available at:

<https://www.fortinet.com/> [Accessed 4 May 2021].

[7] Learn ISC2 Course. 2021. Assessing Application Security. [online] Available at:

<https://learn.isc2.org/d2l/home/8487> [Accessed 4 May 2021].

(43)

31

Appendices

(44)

A. GANTT CHART

B. SAMPLE FORMS OR DOCUMENTS

(45)

33

C. FLOWCHART AND SYSTEM FLOW

D.

TEST PLAN

Feature Test Case Test Steps Expected Results Status

1. Login 1.a. Login as

authorized user.

1. Go to the login page.

2. Fill in the correct login information. 3. Click Sign In

User will be redirected to the Dashboard.

1.b. Login as unauthorized user.

1. Go to the login page.

2. Fill in the incorrect login information. 3. Click Sign In

System will display the prompt "Invalid Login Credentials".

2. Inventory 2.a. Add New Asset 1. Login.

2. Go to Inventory >

Add New Assets.

3. Fill in asset details.

4. Click Create.

User will be redirected to the Add New Asset page.

(46)

2.b. Edit Asset 1. Login.

Manage Assets.

3. Edit and asset by clicking the serial number.

4. Fill in new details.

5. Click Apply Changes.

Asset details will be updated and displayed in list of assets.

2.c. Delete Asset 1. Login.

Manage Assets.

3. Edit and asset by clicking the serial number.

4. Click Delete.

The asset will be removed from the list of assets.

3. Dashboard 3.a. Access Dashboard

1. Login.

2. Confirm the landing page is Dashboard.

Users will be automatically redirected to the dashboard after logging in.

4. Work Orders 4.a. Schedule a Work Order

1. Login.

2. Go to Work Orders

> Schedule a Work Order.

3. Select the Serial Number of the asset.

4. In the queue window, select the date under Maintenance Date.

5. Click Confirm Schedule.

A work order schedule will be created based on the date assigned by the user.

4.b. Perform Maintenance

1. Login.

> For Maintenance.

3. Select the asset name from the calendar or the list view.

4. Perform the

maintenance work.

5. Click Submit for Review.

Maintenance work will be done after submitting for review. An email notification will be sent to the

Supervisor.

(47)

35

4.c. Perform Review of Work Order

1. Login.

> For Review.

3. Select the Work Order ID for review.

4. Perform the review.

5. Click Submit for Approval.

Maintenance work will be queued for approval after submitting for review. An email notification will be sent to the Manager.

4.d. Perform Approval of Work Order

1. Login.

> For Approval.

3. Select the Work Order ID for approval.

4. Perform the review.

5. Click Submit for Archive.

Maintenance work will be queued for archival.

4.e. Print Work Order from Archive

1. Login.

> Archive.

3. Select the Work Order ID for printing.

4. Click Print to go to print dialogue.

Printout of the archived Work Order.

5. Reporting 5.a. Sort the report headers.

1. Login.

2. Go to Reporting.

3. Select a header, and perform sort ascending or descending.

The report header will be sorted according to the user option.

5.b. Filter the report. 1. Login.

2. Go to Reporting.

3. Select a header, and perform a filter.

The report header will be filtered according to the user option.

5.c. Save the report. 1. Login.

2. Go to Reporting.

4. Perform a sort or filter.

3. Click Actions >

Report > Save Report.

4. Fill in the

information and click Apply.

A saved report will be added to the report menu.

(48)

6. Administration 6.a. Add a User. 1. Login.

2. Go to Administration.

3. In Access Control, click Add.

4. Fill in the

information, including the access level.

A user will be created with access control privilege.

6.b. Edit a User. 1. Login.

2. Go to

Administration > Users.

3. In Manage User Access, click the pen button beside the user.

4. Fill in the

information, including the access level.

5. Click Apply Changes.

A user will be modified with access control privilege.

6.c. Delete a User. 1. Login.

2. Go to

Administration > Users.

3. In Manage User Access, click the pen button beside the user.

A user will be deleted.

4. Click Delete.

7. System Logs 7a. View Application Error Log

1. Login.

2. Go to

Administration > Application Error Log.

Users will be able to view the system logs.

8. Role-Based Access Control (RBAC)

8.a. Login as ADMINISTRATOR.

1. Login with

ADMINISTRATOR access.

2. Verify access to the menu.

Users will be able to access all the menus.

8.b. Login as MANAGER.

1. Login with MANAGER access.

Users will be able to access Dashboard, Work Order Schedule,

Maintenance, Review, Approval, and Archive,

(49)

37

8.c. Login as SUPERVISOR.

1. Login with SUPERVISOR access.

Users will be able to access Dashboard, Work Order Schedule,

Maintenance, Review and Archive, Reporting, and Inventory menu.

8.b. Login as FIELD TECHNICIAN.

1. Login with FIELD TECHNICIAN access.

Users will be able to access only the For

Maintenance menu.

E.

DIGITAL GUARDIAN (DLP)

(50)

F.

SENTINELONE

G.

RAPID7

(51)

39

H.

UX DESIGN

(52)

(53)

41

(54)

(55)

43

(56)

I.

SYSTEM ARCHITECTURE

(57)

45

J.

COMPLETE PROGRAM LISTING

prompt --application/set_environment set define off verify off feedback off whenever sqlerror exit sql.sqlcode rollback

--- - -

-- ORACLE Application Express (APEX) export file --

-- You should run the script connected to SQL*Plus as the Oracle user -- APEX_210200 or as the owner (parsing schema) of the application.

--

-- NOTE: Calls to apex_application_install override the defaults below.

--

--- begin

wwv_flow_api.import_begin (

p_version_yyyy_mm_dd=>'2021.10.15' ,p_release=>'21.2.0'

,p_default_workspace_id=>1313413184027543 ,p_default_application_id=>100

,p_default_id_offset=>1536860264338076 ,p_default_owner=>'APEX'

);

end;

/

prompt APPLICATION 100 - N&T Engineering --

-- Application Export:

-- Application: 100

-- Name: N&T Engineering

-- Date and Time: 21:51 Tuesday April 19, 2022 -- Exported By: ADMIN

-- Flashback: 0

-- Export Type: Application Export -- Pages: 49

-- Items: 643 -- Processes: 53 -- Regions: 93 -- Buttons: 81 -- Dynamic Actions: 18 -- Shared Components:

-- Logic:

-- Items: 3 -- Computations: 3 -- App Settings: 1 -- Build Options: 3 -- Navigation:

(58)

-- Lists: 6 -- Breadcrumbs: 1

(59)

47

-- Entries: 2 -- Security:

-- Authentication: 2 -- Authorization:

10 -- ACL Roles:

6 -- User Interface: -- Themes: 1 -- Templates:

-- Page: 9 -- Region: 16 -- Label: 7 -- List: 12 -- Popup LOV: 1 -- Calendar: 1 -- Breadcrumb: 1 -- Button: 3 -- Report: 10 -- LOVs: 5 -- Shortcuts: 1 -- Plug-ins: 4 -- Globalization:

-- Reports:

-- E-Mail:

-- Templates: 1 -- Supporting Objects: Included -- Version: 21.2.0

-- Instance ID: 697822799070898 --

prompt --application/delete_application begin

wwv_flow_api.remove_flow(wwv_flow.g_flow_id);

end;

/

prompt --

application/create_application begin wwv_flow_api.create_flow(

p_id=>wwv_flow.g_flow_id

,p_owner=>nvl(wwv_flow_application_install.get_schema,'APEX') ,p_name=>nvl(wwv_flow_application_install.get_application_name,'N&T Engineering')

,p_alias=>nvl(wwv_flow_application_install.get_application_alias,'100') ,p_page_view_logging=>'YES'

,p_page_protection_enabled_y_n=>'Y'

(60)

,p_checksum_salt=>'B3BF708AE05DEE231A43F374D78DF2D90646684C044DBE0 5

9258F6A1BEA3B78D'

,p_bookmark_checksum_function=>'SH512' ,p_accept_old_checksums=>false

,p_compatibility_mode=>'21.2' ,p_flow_language=>'en'

,p_flow_language_derived_from=>'FLOW_PRIMARY_LANGUAGE' ,p_allow_feedback_yn=>'Y'

,p_direction_right_to_left=>'N'

,p_flow_image_prefix => nvl(wwv_flow_application_install.get_image_prefix,'') ,p_documentation_banner=>'Application created from create application wizard 2021.10.04.'

,p_authentication=>'PLUGIN'

,p_authentication_id=>wwv_flow_api.id(1365259021043750) ,p_application_tab_set=>1

,p_logo_type=>'T'

,p_logo_text=>'N&T Engineering'

,p_app_builder_icon_name=>'app-icon.svg' ,p_public_user=>'APEX_PUBLIC_USER'

,p_proxy_server=>nvl(wwv_flow_application_install.get_proxy,'')

,p_no_proxy_domains=>nvl(wwv_flow_application_install.get_no_proxy_domains,'') ,p_flow_version=>'Release 1.0'

,p_flow_status=>'AVAILABLE_W_EDIT_LINK'

,p_flow_unavailable_text=>'This application is currently unavailable at this time.' ,p_build_status=> 'RUN_ONLY'

,p_exact_substitutions_only=>'Y' ,p_browser_cache=>'N'

,p_browser_frame=>'D'

,p_referrer_policy=>'strict-origin-when-cross-origin' ,p_runtime_api_usage=>'T'

,p_security_scheme=>wwv_flow_api.id(1500034535044043)

(61)

49

,p_authorize_batch_job=>'N' ,p_rejoin_existing_sessions=>'N' ,p_csv_encoding=>'Y'

,p_auto_time_zone=>'N'

,p_email_from=>'[email protected]' ,p_substitution_string_01=>'APP_NAME' ,p_substitution_value_01=>'N&T Engineering' ,p_last_updated_by=>'ADMIN'

,p_last_upd_yyyymmddhh24miss=>'20220311164530'

,p_file_prefix => nvl(wwv_flow_application_install.get_static_app_file_prefix,'') ,p_files_version=>23

,p_ui_type_name => null

,p_print_server_type=>'INSTANCE' ,p_is_pwa=>'Y'

,p_pwa_is_installable=>'Y'

,p_pwa_manifest_description=>'gemba' ,p_pwa_manifest_display=>'standalone' ,p_pwa_manifest_orientation=>'any'

,p_pwa_manifest_theme_color=>'#000000' );

end;

/

prompt --application/shared_components/navigation/lists/desktop_navigation_menu begin

wwv_flow_api.create_list(

p_id=>wwv_flow_api.id(1366042885043758) ,p_name=>'Desktop Navigation Menu'

,p_list_status=>'PUBLIC' );

wwv_flow_api.create_list_item(

p_id=>wwv_flow_api.id(1508232968044141) ,p_list_item_display_sequence=>10

,p_list_item_link_text=>'Dashboard'

,p_list_item_link_target=>'f?p=&APP_ID.:1:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-dashboard'

,p_security_scheme=>wwv_flow_api.id(2013950697916446) ,p_list_item_current_type=>'TARGET_PAGE'

);

,p_list_item_link_text=>'Work Orders' ,p_list_item_icon=>'fa-inbox'

);

(62)

,p_list_item_link_text=>'Schedule a Work Order'

,p_list_item_link_target=>'f?p=&APP_ID.:18:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-calendar-wrench'

,p_parent_list_item_id=>wwv_flow_api.id(23438462539797140) ,p_security_scheme=>wwv_flow_api.id(2013950697916446) ,p_list_item_current_type=>'COLON_DELIMITED_PAGE_LIST' ,p_list_item_current_for_pages=>'18'

);

,p_list_item_link_text=>'For Maintenance [&G01.]'

,p_list_item_link_target=>'f?p=&APP_ID.:2:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-bell'

,p_parent_list_item_id=>wwv_flow_api.id(23438462539797140) ,p_security_scheme=>wwv_flow_api.id(2013950697916446) ,p_list_item_current_type=>'COLON_DELIMITED_PAGE_LIST' ,p_list_item_current_for_pages=>'2,14,15,16,17'

);

,p_list_item_link_text=>'For Review [&G02.]'

,p_list_item_link_target=>'f?p=&APP_ID.:16:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-calendar-edit'

,p_parent_list_item_id=>wwv_flow_api.id(23438462539797140) ,p_security_scheme=>wwv_flow_api.id(2013950697916446)

(63)

,p_list_item_current_type=>'COLON_DELIMITED_PAGE_LIST'

51

,p_list_item_current_for_pages=>'16' );

,p_list_item_link_text=>'For Approval [&G03.]'

,p_list_item_link_target=>'f?p=&APP_ID.:17:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-calendar-check-o'

);

,p_list_item_link_text=>'Archive'

,p_list_item_link_target=>'f?p=&APP_ID.:14:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-archive'

,p_parent_list_item_id=>wwv_flow_api.id(23438462539797140) ,p_list_item_current_type=>'COLON_DELIMITED_PAGE_LIST' ,p_list_item_current_for_pages=>'14'

);

,p_list_item_link_text=>'Reporting'

,p_list_item_link_target=>'f?p=&APP_ID.:4:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-bar-chart'

,p_security_scheme=>wwv_flow_api.id(2013950697916446) ,p_list_item_current_type=>'COLON_DELIMITED_PAGE_LIST' ,p_list_item_current_for_pages=>'4'

);

,p_list_item_link_text=>'Inventory' ,p_list_item_icon=>'fa-sitemap-vertical'

);

,p_list_item_link_text=>'Add New Assets'

,p_list_item_link_target=>'f?p=&APP_ID.:37:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-network-hub'

(64)

,p_parent_list_item_id=>wwv_flow_api.id(23440758167843246) ,p_security_scheme=>wwv_flow_api.id(2013950697916446) ,p_list_item_current_for_pages=>'9,3,13'

);

,p_list_item_link_text=>'Manage Assets'

,p_list_item_link_target=>'f?p=&APP_ID.:8:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-edit'

);

,p_list_item_link_text=>'Procedure Library'

);

,p_list_item_link_text=>'Add New Procedure'

,p_list_item_link_target=>'f?p=&APP_ID.:11:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-list'

,p_parent_list_item_id=>wwv_flow_api.id(23441609215856547) ,p_security_scheme=>wwv_flow_api.id(1499995141044043) ,p_list_item_current_type=>'COLON_DELIMITED_PAGE_LIST' ,p_list_item_current_for_pages=>'11,12'

);

,p_list_item_link_text=>'AID Checklist'

,p_list_item_link_target=>'f?p=&APP_ID.:12:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-clipboard-check'

,p_parent_list_item_id=>wwv_flow_api.id(23441609215856547) ,p_security_scheme=>wwv_flow_api.id(1499995141044043) ,p_list_item_current_type=>'COLON_DELIMITED_PAGE_LIST' ,p_list_item_current_for_pages=>'11,12'

);

p_id=>wwv_flow_api.id(23447399258921224)

(65)

53

,p_list_item_link_target=>'f?p=&APP_ID.:2:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-bell'

,p_security_scheme=>wwv_flow_api.id(2013569475893245) ,p_list_item_current_for_pages=>'2,14,15,16,17'

);

,p_list_item_link_text=>'Administration'

,p_list_item_link_target=>'f?p=&APP_ID.:10000:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-user-wrench'

);

end;

/

prompt --application/shared_components/navigation/lists/desktop_navigation_bar begin

p_id=>wwv_flow_api.id(1496150197043956) ,p_name=>'Desktop Navigation Bar'

,p_list_item_link_text=>'Install App' ,p_list_item_link_target=>'#'

,p_list_item_icon=>'fa-cloud-download' ,p_list_text_02=>'a-pwaInstall'

,p_list_item_current_type=>'NEVER' );

,p_list_item_link_text=>'About'

,p_list_item_icon=>'fa-question-circle-o' ,p_list_text_02=>'icon-only'

,p_required_patch=>wwv_flow_api.id(1498574401044035) ,p_list_item_current_type=>'TARGET_PAGE'

);

,p_list_item_link_text=>'Page Help'

(66)

,p_list_item_link_target=>'f?p=&APP_ID.:10031:&SESSION.::&DEBUG.::P10031_P A

GE_ID:&APP_PAGE_ID.:'

,p_list_item_icon=>'fa-question-circle-o'

,p_parent_list_item_id=>wwv_flow_api.id(1616408471044650) ,p_list_text_02=>'icon-only'

,p_required_patch=>wwv_flow_api.id(1498574401044035) ,p_list_item_current_type=>'TARGET_PAGE'

(67)

55

);

,p_list_item_link_text=>'---'

,p_list_item_link_target=>'separator'

,p_parent_list_item_id=>wwv_flow_api.id(1616408471044650) ,p_list_item_current_type=>'TARGET_PAGE'

);

,p_list_item_link_text=>'About Page'

,p_list_item_link_target=>'f?p=&APP_ID.:10030:&SESSION.::&DEBUG.:10030' ,p_list_item_icon=>'fa-info-circle-o'

,p_parent_list_item_id=>wwv_flow_api.id(1616408471044650) ,p_required_patch=>wwv_flow_api.id(1498574401044035) ,p_list_item_current_type=>'TARGET_PAGE'

);

,p_list_item_link_text=>'&APP_USER.' ,p_list_item_link_target=>'#'

,p_list_item_icon=>'fa-user' ,p_list_text_02=>'has-username'

,p_list_item_current_type=>'TARGET_PAGE' );

,p_list_item_link_text=>'---'

,p_list_item_link_target=>'separator'

);

,p_list_item_link_text=>'Sign Out'

,p_list_item_link_target=>'&LOGOUT_URL.' ,p_list_item_icon=>'fa-sign-out'

);

end;

/

(68)

prompt --application/shared_components/navigation/lists/activity_reports begin

p_id=>wwv_flow_api.id(1620565037044676) ,p_name=>'Activity Reports'

,p_list_status=>'PUBLIC'

,p_required_patch=>wwv_flow_api.id(1497918711044035) );

,p_list_item_link_text=>'Dashboard'

,p_list_item_link_target=>'f?p=&APP_ID.:10010:&SESSION.::&DEBUG.:10010:::' ,p_list_item_icon=>'fa-area-chart'

,p_list_text_01=>'View application activity metrics' ,p_list_item_current_type=>'TARGET_PAGE' );

,p_list_item_link_text=>'Top Users'

,p_list_item_link_target=>'f?p=&APP_ID.:10011:&SESSION.::&DEBUG.:10011:::' ,p_list_item_icon=>'fa-user-chart'

,p_list_text_01=>'Report of page views aggregated by user' ,p_list_item_current_type=>'TARGET_PAGE'

);

,p_list_item_link_text=>'Application Error Log'

,p_list_item_link_target=>'f?p=&APP_ID.:10012:&SESSION.::&DEBUG.:10012:::' ,p_list_item_icon=>'fa-exclamation'

,p_list_text_01=>'Report of errors logged by this application' ,p_list_item_current_type=>'TARGET_PAGE'

);

,p_list_item_link_text=>'Page Performance'

,p_list_item_link_target=>'f?p=&APP_ID.:10013:&SESSION.::&DEBUG.:10013:::' ,p_list_item_icon=>'fa-file-chart'

,p_list_text_01=>'Report of activity and performance by application page' ,p_list_item_current_type=>'TARGET_PAGE'

);

p_id=>wwv_flow_api.id(1622579241044679)

(69)

57

,p_list_item_link_target=>'f?p=&APP_ID.:10014:&SESSION.::&DEBUG.:RIR,10014:::' ,p_list_item_icon=>'fa-file-search'

,p_list_text_01=>'Report of each page view by user including date of access and elapsed time'

,p_list_item_current_type=>'TARGET_PAGE' );

end;

/

prompt --application/shared_components/navigation/lists/access_control begin wwv_flow_api.create_list(

p_id=>wwv_flow_api.id(1622841834044680) ,p_name=>'Access Control'

,p_list_status=>'PUBLIC'

,p_required_patch=>wwv_flow_api.id(1497869162044035) );

,p_list_item_link_text=>'Users'

,p_list_item_link_target=>'f?p=&APP_ID.:10021:&SESSION.::&DEBUG.:RP:::' ,p_list_item_icon=>'fa-users'

,p_list_text_01=>'Change access control settings and disable access control' ,p_list_item_current_type=>'TARGET_PAGE'

);

p_id=>wwv_flow_api.id(1623667924044680) ,p_list_item_display_sequence=>20 ,p_list_item_link_text=>'Access Control'

(70)

,p_list_item_link_target=>'f?p=&APP_ID.:10020:&SESSION.::&DEBUG.::::' ,p_list_item_icon=>'fa-key'

,p_list_text_01=>'Set level of access for authenticated users of this application' ,p_list_item_current_type=>'TARGET_PAGE'

);

end;

/

prompt --application/shared_components/navigation/lists/list_of_assets begin

p_id=>wwv_flow_api.id(13339257359676492) ,p_name=>'List of Assets'

,p_list_type=>'SQL_QUERY'

,p_list_query=>'select * from assets' ,p_list_status=>'PUBLIC'

);

end;

/

prompt --application/shared_components/navigation/lists/wizard_progress_list begin

p_id=>wwv_flow_api.id(18703359648494110) ,p_name=>'Wizard Progress List'

,p_list_item_link_text=>'Step 1'

,p_list_item_link_target=>'f?p=&APP_ID.:23:&SESSION.::&DEBUG.' ,p_list_item_current_type=>'TARGET_PAGE'

);

(71)

59

,p_list_item_display_sequence=>40 ,p_list_item_link_text=>'Step 4'

);

end;

/

prompt --application/shared_components/files/help_dashboard_001_png begin

wwv_flow_api.g_varchar2_table := wwv_flow_api.empty_varchar2_table;

wwv_flow_api.g_varchar2_table(1) :=

(72)

'89504E470D0A1A0A0000000D49484452000002580000018A08020000005F1AA832 000000097048597300000B1300000B1301009A9C18000039EE69545874584D4C3A 636F6D2E61646F62652E786D7000000000003C3F787061636B657420626567696E 3D';

'22EFBBBF222069643D2257354D304D7043656869487A7265537A4E54637A6B633 964223F3E0A3C783A786D706D65746120786D6C6E733A783D2261646F62653A6E 733A6D6574612F2220783A786D70746B3D2241646F626520584D5020436F726520 352E';

'362D633036372037392E3135373734372C20323031352F30332F33302D32333A343 03A34322020202020202020223E0A2020203C7264663A52444620786D6C6E733A7 264663D22687474703A2F2F7777772E77332E6F72672F313939392F30322F32322D ';

'7264662D73796E7461782D6E7323223E0A2020202020203C7264663A4465736372 697074696F6E207264663A61626F75743D22220A202020202020202020202020786 D6C6E733A786D703D22687474703A2F2F6E732E61646F62652E636F6D2F786170 2F';

'312E302F220A202020202020202020202020786D6C6E733A786D704D4D3D22687 474703A2F2F6E732E61646F62652E636F6D2F7861702F312E302F6D6D2F220A20 2

020202020202020202020786D6C6E733A73744576743D22687474703A2F2F6E732 E61';

'646F62652E636F6D2F7861702F312E302F73547970652F5265736F7572636545766 56E7423220A202020202020202020202020786D6C6E733A64633D22687474703A2 F2F7075726C2E6F72672F64632F656C656D656E74732F312E312F220A202020202 0';

'20202020202020786D6C6E733A70686F746F73686F703D22687474703A2F2F6E73 2E61646F62652E636F6D2F70686F746F73686F702F312E302F220A202020202020 2

02020202020786D6C6E733A746966663D22687474703A2F2F6E732E61646F62652 E';

(73)

61

MASTER OF INFORMATION AND ... - UPOU Repository

MASTER OF INFORMATION AND COMMUNICATION STUDIES

Capstone Project

UNIVERSITY OF THE PHILIPPINES OPEN UNIVERSITY

MASTER OF INFORMATION AND COMMUNICATION STUDIES

FEDERICO GREGORIO

DIGITAL TRANSFORMATION OF N&T ENGINEERING ENTERPRISE

Thesis Adviser:

Mari Anjeli Crisanto

Faculty of Information and Communication Studies

22 April 2022

Permission of the classification of this academic work access is subject to the provisions of applicable laws, the provisions of the UP IPR policy and any

contractual obligations:

Invention (I) Yes or No

Publication (P) Yes or No

Confidential (C) Yes or No

Free (F) Yes or No

DIGITAL TRANSFORMATION OF N&T ENGINEERING ENTERPRISE

Specifically, I grant the following rights to the University:

FEDERICO GREGORIO April 22, 2022

Signature over Student Name and Date

Acceptance Page:

This paper prepared by FEDERICO GREGORIO with the title: “DIGITAL

TRANSFORMATION OF N&T ENGINEERING ENTERPRISE” is hereby accepted by the Faculty of Information and Communication Studies, U.P. Open University, in partial fulfillment of the requirements for the degree Course.

MARI ANJELI L. CRISANTO

Adviser (Date)

DR. ROBERTO FIGUEROA JR.

Program Chair (Date)

DR. DIEGO SILANG S. MARANAN Dean

Faculty of Information and Communication Studies

Biographical Sketch

Federico Gregorio (born October 6, 1976) is a resident of Binan City and is

currently working as an Information Security Architect in an Electronics Manufacturing

company based in the United States. He is a solo parent with two children with ages

22 the eldest and 17 the youngest. He is the son of a humble tricycle operator

(deceased) and a proud domestic helper in Hong Kong for ten years. At a very young

age, Jojo (nickname) has a curious mind about how things work. He would often

disassemble toys and reassemble resulting in a different toy from the original. During

his secondary school years, he was very interested in computers. He first laid eyes on

a Commodore 64 and instantly fell in love with it. When he went to college, he took

Electronics and Communications Engineering but was not good with Calculus and

failed some of his math subjects. He then transferred to another University where he

took Computer Science. His thesis was a combination of Artificial Intelligence and 3D

Computer Graphics called Virtual Pets. He pursued a career in computers and started

out as a Technical Support Engineer and was very interested in Open Source. He was

given an opportunity to work as a Network and Systems Administrator for academe

where he applied open-source solutions to manage not just the computer laboratory

but the web presence of the institution as well. He then went on to work for an

Electronics Manufacturing company for ten years as a Network Engineer. Highly

interested in the Information Security aspect of the enterprise, he decided to combine

his knowledge and skills in network and decided to pursue a career. He spent the next

seven years in another Electronics Manufacturing company as an Information Security

Architect, helping defend the organization against attacks on the organization’s data.

Acknowledgment

Special thanks to the people that made this all possible. To my batch mates and classmates in various subjects, congratulations! To the professors and teachers' untiring devotion to the class. Your patience and understanding are highly

appreciated.

Thanks to my loved ones, without their support the author would not be here typing this document. My ever-loving pets Mochi, Kitsune, and Miri for their inspiration and loyalty.

And lastly, to the frontliners who have been at it for more than two years and

the author has nothing but respect for the dedication. You are truly an inspiration for

the whole nation.

Dedication

To my family, friends, and classmates.

TABLE OF CONTENTS

Title Page i

University Permission Page ii

Acceptance Page iii

Biographical Sketch iv

Acknowledgment v Dedication vi Table of Contents vii

List of Tables viii

List of Figures ix List of Appendices x

ABSTRACT xi

CHAPTER I: THE PROBLEM DOMAIN 1

Statement of the Problem 1

Background and Objectives of the Project 1

Significance and Scope of the Project 2

Documentation of Existence and Seriousness of the Problem 2

Significance of the Study 2

CHAPTER II: REVIEW OF EXISTING ALTERNATIVES 3

CHAPTER III: APPROACH TO BE TAKEN IN THIS PROJECT 5

Theoretical Framework 5