(NAR) VOL. 9 NO. 2 / APRIL - JUNE 1998
Security Breach/Violation | refers to non-compliance with set policies and guidelines as embodied in the Physical Security Manual. |
Gravity of Offense | refers to the seriousness of an offense which is classified into Grave Offense, Less Grave and Light. |
Technical Sanction | penalties to be imposed including any of the following: suspension/deletion of account, change of assignment, etc. |
Functional Sanction | penalties to be imposed pursuant to Executive Order No. 292 (Civil Service Law) and its implementing rules and regulations such as: suspension of personnel, dismissal from service, etc. Such cases are usually coursed through the Internal Affairs Service. |
1.1 Hardware
1.2 Software
1.3 Data
1.4 Network
1.5 Operating System
1.6 Printed Data
1.7 Computer Media
1.8 Computing Environment
2. Each Head of Office is required to designate a Security Officer who shall monitor strict implementation of the set security guidelines.
3.1 Ask for written explanation from respondent.
3.2 Request to convene the Security and Access Committee (SAC) in order to determine the gravity and the nature of the violation committed and the corresponding penalty (whether technical or functional sanctions) to be imposed based on initial reports as well as respondent's explanation.
4. The Security and Access Committee shall:
4.1 Classify violation committed based on list of nature of offense(s) stated above.
4.2 Determine severity of any known violation and recommend corresponding sanctions as stated above.
4.3 Be guided by the policies set forth in Executive Order No. 292 (Civil Service Law) and its implementing rules and regulations:
4.3.1 Only one penalty shall be imposed for each case. "Each case" means one administrative case which may involve one or more charges or counts.

NATURE OF OFFENSE | SANCTION (1st offense) | SANCTION (2nd offense) | SANCTION (3rd offense) |
Gross neglect of duty | Dismissal | | |
e.g. unsecured superuser and other powerful accounts | | | |
Grave misconduct | Dismissal | | |
e.g. installation of unauthorized software; unauthorized copying of BIR software; unauthorized physical access to machines (PCs and servers) holding applications or data; unauthorized access to external storage media (tape cartridges, floppy disks, etc.); adding an unauthorized PC to the network; unauthorized user access to other BIR offices; unauthorized access to the Operating System; unauthorized access to the Integrated Tax System; unauthorized access to sensitive data in the database; unauthorized access to printed output from database (reports, correspondence, etc.); unauthorized users gaining access to the system via logged-in workstations | | | |
Falsification of official document | Dismissal | | |
e.g. tampering with Operating System files; unauthorized tampering of applications; alteration of text files (reports, correspondences, etc.) created or used by other applications; tampering with the database structures and permissions; tampering of database records by unscrupulous users | | | |
Receiving for personal use of fee, gift or other valuable thing in the course of official duties or in connection therewith when such fee, gift or other valuable thing is given by any person in the hope or expectation of receiving a favor or better treatment than that accorded to other persons or committing acts punishable under the anti-graft laws | Dismissal | | |
e.g. connivance with technical personnel to get their desired results | | | |

NATURE OF OFFENSE | SANCTION (1st offense) | SANCTION (2nd offense) | SANCTION (3rd offense) |
Disclosing or misusing confidential or classified information officially known to him by reason of his office and not made available to the public, to further his private interests or give undue advantage to anyone, or to prejudice the public interest | Suspension for six (6) mos. & one (1) day to one (1) year | Dismissal | |
Directly or indirectly having financial and material interest in any transaction requiring the approval of his office. Financial and material interest is defined as pecuniary or proprietary interest by which a person will gain or lose something | Suspension for six (6) mos. & one (1) day to one (1) year | Dismissal | |
Conduct grossly prejudicial to the best interest of the service | Suspension for six (6) mos. & one (1) day to one (1) year | Dismissal | |
e.g. theft of technical handbooks | | | |

NATURE OF OFFENSE | SANCTION (1st offense) | SANCTION (2nd offense) |
Simple misconduct | Suspension for one month and one day to six months | Dismissal |
e.g. unauthorized access to communication links; dissemination of false information | | |

NATURE OF OFFENSE | SANCTION (1st offense) | SANCTION (2nd offense) | SANCTION (3rd offense) |
Violation of reasonable rules and regulations | Written reprimand to be included in respondent’s 201 files | Suspension for one to thirty days | Dismissal |
e.g. mis-labeling of tapes; loading of virus-infected files to network environment; unauthorized access to technical manual | | | |