Documente Academic
Documente Profesional
Documente Cultură
The company trusted the people around since it is a family owned business. They
hired people around the neighborhood for their workers and sometimes confidence and
trust is abused and rules are violated.
According to management, there are reports (unable to disclose copies of incident
reports for confidentiality purposes) that the wives of the employees would take meat as
the husbands planted it on the bin or conceal meat chunks through their boots.
The security guards are aware of the thefts and it happens from time to time by
outsiders. Some employees cannot distinguish a person if he is a customer or a coemployee. Cellular phones and cash, aside from the meat products are the usual target of
the thieves.
Visitors may enter the premises and wander around and must stay within the
visitors lounge and sales area. They should not be allowed to go to places beyond the
Sales Area. Visitors may include personal visitors of employees, customers, account
executives from prospective suppliers and collectors.
Furthermore, there were reports that scouts would talk to the customers and gave
them a bargain as they give out business cards to convince the customers to shift to rival
companies. The scouting problem cost the company a 2% deduction of its total earnings.
Mr. Allan Anca, the security guard of RSRH Livestock Corporation indicates the
incident as avoidable if they have the right means of identifying who goes in or out the
company and make sure that they stay where they have to stay. Visitors and customers
must stay on the selling area to avoid nomadic activities.
During the preliminary study of the subject company, the researchers were able to
interview an employee regarding the ID system presently used by the company. He had a
problem getting his remittance because he was questioned about the authenticity of his
Employee ID. Since then he only shows his postal ID and barangay ID if ever
identification is needed.
With this, the researchers of this thesis aim to help RSRH Livestock Corporation
to minimize cases of theft and scouting to protect not only company assets from such
cases but to secure the companys employees from outsider harm. And if possible, the
researchers will also device a more functional and practical ways to improve the
companys ID system as well.
Statement of the Problem
Problem of the company is mostly due to the fact that they gave more emphasis to
the product and not the security, for the owners of RSRH, the security is not an
immediate threat to the company.
In this study, the researchers are determined to answer the following questions to help the
researcher understand the importance of improving the security system of (name of
company):
1. Can a better security system be implemented to reduce, if not eliminate cases
of theft and scouting?
2. Will improvement be possible without engaging the company to hightechnology security methods?
3. Does the companys present ID system functional for the company and its
employees?
4. Is it practical to have an improved ID system within a limited budget?
5. If the company has a budget for a high-tech security system, what is the most
effective method to use?
Statement of Hypothesis
1.
2.
3.
visitors once they are inside the company premises. The familiarity of each employee is
not enough to know if a wanderer is a customer, a new employee or a scout.
The studys course is to assist a security problem within the company for the
absence of controlled identification.
The researchers objective is to determine the effectiveness of a controlled ID
system for both employees and visitors for added security measures.
Assessment
Databases and the data they contain remain tempting targets for hackers, who look to exploit the
many widespread weaknesses found in database-driven applications. Many of these weaknesses
are created by poor configuration or implementation.
The following five database-related vulnerabilities are among the most common:
SQL injection
Cross-site scripting
Data leakage
Incredibly, default or weak passwords are still often used by enterprises to protect an
online asset as important as a database, but it's a problem that's easy to fix. The remedy is
enforcing a strong password policy; that is, passwords must be changed regularly and be
at least 10 digits long and contain both alphanumeric characters and symbols. With this
policy, you will close down an attacker's easy route to your data.
SQL injection also relies on poor database implementation, specifically in regard to how
SQL queries are sent to the database. If the database accepts SQL queries generated from
user-supplied data that has not been cleaned and validated, it is open to SQL injection
attacks. For example, by modifying the expected input received from a Web-based form,
an attacker can submit malicious SQL queries and pass commands directly to a database.
To prevent this type of attack, it is essential to ensure that all user-supplied data is
validated before letting it anywhere near your scripts, data access routines and SQL
queries, and preferably use parameterized queries. Another reason to validate and clean
data received from users is to prevent cross-site scripting (XSS) attacks, which can be
used to compromise a database connected to a Web server. They work by injecting a
client-side script such as JavaScript into a Web application's output via a Web form.
These scripts are used to gather cookie data, which is often incorrectly used to store
information such as a user's account login information.
One problem that is often overlooked when building a database application is data
leakage. This is where sensitive data is transferred or made available unintentionally. The
classic mistake is failing to secure and control access to database backup tapes. A less
obvious leak is via data inference. Often more sensitive data can be inferred from
answers to valid queries on the data, such as an illness from prescribed medication. A
common solution is to monitor query patterns to detect such activity.
Closely related to data leakage is the improper handling of errors when an error occurs at
the database. Many applications display a detailed message. These error messages can
reveal information about the structure of the database, which can in turn be used to stage
attacks. By all means, log the error for your own records, but make sure your application
doesn't return any specific details about the error to users or to attackers.
To fully secure your database, split the task into the following four areas in order to
ensure a comprehensive check:
Server security
Application security
Database connections
A database server needs to be hardened in the same way as any other server to ensure that
malicious hackers cannot attack the database via vulnerabilities in the operating system.
Preferably, the database should sit behind its own application-layer firewall.
To help with the process of securing database connections and defining access controls,
create a data flow diagram that tracks how data flows through the application. Next,
identify the places where data enters or exits another application and review the trust
levels assigned to these entry and exit points. Also define the minimum privileges any
external user or process requires to access the system. Configuring and building your
database application with security as a key driver will ensure your data stays secure.
To ensure the authenticity of the ID, a control number must be given stored on a
database like Microsoft Excel spreadsheet.
For the materials to be used to make the new Company ID is enlisted as:
PVC ID kit
High quality Scissors
ID protector
Laces (two colors) blue and
yellow
The proposal for the RSRH is to have a color code for regular and temporary id laces
for easy identification of the people inside the company.
The layout or design would be approved by the board of directors for clarification and
proper contents. The researchers also made a sample for the board to examine the quality
of the ID.
CHAPTER 3
RESEARCH METHODOLOGY
This chapter discusses the methods and procedures which are essential in the
conduct of the study. The study includes (1) Research Method, (2) Sources of Data, (3)
Instrumentation, (4) Respondents of the Study, and (5) Statistical Treatment of Data.
Research Method
The method used on this study is a descriptive method. The researchers agreed
that the descriptive format because the problem is visible. (Why choose descriptive?)
Sources of Data
The researches agreed upon two ways to gather data, first is from the company
workers and the internet.
Instrumentation
Every participant on this research will be given an equal task to gather and sort
data from the internet and field interview. Primary data is collected through the company.
The researchers will be obtaining the profile of the company and asked the Human
resource department permission to ask around the employees about a new id system and
present the proposal via questionnaire. The questionnaire (refer to appendix A) has two
parts, first is a multiple choice where the correspondents will answer if they agree or
disagree and the second part would be for feedback. After the correspondents answer the
questionnaire, the data will be divided by those who agreed and disagreed. The
researchers will also take not of the comments they gave to the proposal.
Secondary data would be gathered on the answered questionnaires, and the
internet.
Respondent of the Study
The respondents of the study are the employees of RSRH. The list the researchers
would have will be given by the Human Resource Department. (Refer to appendices
must include the letter you got from the company certifying that the respondents are
indeed employed by the said co.) how many?
Statistical Treatment
The data gathered will undergo the following process: Descriptive Statistics is
concerned by the gathering, classification and presentation of the data. The summarizing
value will describe the group characteristics of the data like the average and percentages
are presented as a result of the descriptive nature