JMLogic Consultancy

JMLogic Consultancy

Share

A consultancy group designed as a knowledge and technology service provider. We serve the private an

25/11/2025

e-Governance Project Delivery Framework

Leadership and Direction for Value, Quality, and Security in Project Delivery 1. Value Delivery Governance ensures projects deliver measurable benefits aligned with funded strategy and stakeholder legitimate interests Understanding of globally influencing standards: - ISO/BS: Strategic alignment, benefits realization, continual improvement - PMI (PMBOK): Business case, value delivery system, performance domains -,PRINCE2: Business case primacy, management‑by‑exception, benefits tracking - PM²: Business case, solution definition, phase gates…...

e-Governance Project Delivery Framework Leadership and Direction for Value, Quality, and Security in Project Delivery 1. Value Delivery Governance ensures projects deliver measurable benefits aligned with funded strategy and stakeholder …

01/03/2025

Knowledge Pointer Do IT Training Guide Educators' Training on Reimagining Teaching Methodology with Artificial Intelligence Purpose: The purpose of this training is to provide educators and educational administrators with a comprehensive understanding of how artificial intelligence (AI) can transform teaching methodologies. The training aims to equip participants with the knowledge and skills needed to effectively integrate AI into the teaching and learning process, enhancing educational outcomes and promoting student engagement....

Reimagining Teaching Methodology with Artificial Intelligence Knowledge Pointer Do IT Training Guide Educators’ Training on Reimagining Teaching Methodology with Artificial Intelligence  Purpose: The purpose of this training is to provide educators…

01/03/2025

Knowledge pointer…Do IT Right Training Guide Understand the human being of cybersecurity challenges and controls. Human beings remain one of the most significant factors in cybersecurity to know and control because of the inherent unpredictability of human behavior. In the realm of cybersecurity, human beings often play a dual role as both a source of threats and a key attack vector....

Understand the human being of cybersecurity challenges and controls. Knowledge pointer…Do IT Right Training Guide Understand the human being of cybersecurity challenges and controls. Human beings remain one of the most significant factors in cybersecurity to know an…

24/09/2023

Sign of the time…

Medusa Ransomware is a known attack vector since 2021. A subject of international security alerts and mitigation measure advisories,

https://socradar.io/dark-web-profile-medusa-ransomware-medusalocker/

Philhealth security incident brings forward the question of its compliance (other government agencies) with DICT in doing the security activities required to have a Cybersecurity Compliance Certificate - DICT Dept Circular No 003 2020. It includes the activation of a CERT for security incident response.

The Department of Information and Communication and Technology (DICT) in its circular is supposed to submit to the Office of the President the names of government agencies without a cybersecurity compliance certificate

The National, sectoral and organization CERT is expected based on DICT policy to bring coordinated effort in the monitoring, detecting, alerting, and responding to security incident in the cyber of networked government agencies linked to the national security operation center of threat intelligence database at DICT.

The medusa ransomsre security incident of Philhealth is a case for the National Privacy Commission (NPC) to conduct the compliance check as defined in NPC circular 18-02 Guidelines on Compliance Checks.

The Philhealth security incident asks the question on how its governance and management acted NPC Circular 16-01 that specifies the legal obligations and security requirements to protect personal data. It includes the acquisition of competencies and resources to implement Rule VI of RA 10173 implementation regulations.

Philhealth database contains the largest number of personal data of individual that by law made member or beneficiary of Philhealth. It manages the information that can be used to operate the unified identification system of Philippine government.

Data Subject of Philhealth have right to raise privacy and security concern, or file complaint against the Personal Information Controller that fails the security measures of protecting information.

Data Subject has the right to be notified of the security incident if the breach involves personal data.

In cybersecurity, the control rules, practice standards and threat intelligence database serve as risk criteria and vulnerability indicators of a “trusted” service organization.enabled by digital technology.

When the risk criteria are undermined, security controls are not available to protect and respond.

Cybersecurity is at risk when the mandated obligations are simply resolved by legal remedies and good communication technique on the zero day of exploitation.

https://m.facebook.com/story.php?story_fbid=709329531222139&id=100064352964920

Humihiling ng pang-unawa ang sa publiko matapos maapektuhan ang operasyon nito dahil sa information security incident.

Iniimbestigahan na ng Korporasyon ang pangyayari.

06/09/2023

Agile digital worker

Training of Trainers
Digital Governance and Management

Data Protection Competency Framework
Privacy by Design and By Default

How to determine, document, and demonstrate a privacy by design and by default information system development and operation?

Privacy-by-design is embeding the data privacy principles and information security control in the development lifecycle and processes of an information and communication system project.

Privacy-by-default is the privacy setting of the released product, system, or service to operation. It automates the trigerring of the conditions and functions to exercise privacy rights, to record privacy compliance, and to communicate security control.

Personal data is protected in the information and communication system of a government agency and business enterprise when it provides the system features that make the Data Subject to exercise the privacy right, and to get assurance on the security of personal information in the device, network, storage, application and people of data processing.

It includes the by default notification and consent to trigger data processing and security measures; and the alerting of the Data Subject on security incidents that may compromise confidentiality, integrity, and availability of information.

The exercise of privacy on data is supported by information processing application that is coded to execute the principles that validate and verify the privacy and security of personal information during and after data collection, transmission, retention, use, disclosure. And disposal.

The security of information in data protection is implementation of control that define administrative, legal, physical, technical, and people requirements for the information system to behave audited indicators of information confidentiality, process integrity, system availability, delivery reliability, infrastructure resilliency, and consumer safety.

The Personal Information Controller, Personal Information Processor, Data Protection Officer, and Privacy Regulators are obligated in RA 10173 to act guided by its statutory requirements and adapted international standards on personal information (section 2 RA 20173 Implementation rule 2016)

The interest protection and benefit realization of privacy on personal protection are reported real in the evaluated impact of the information and communication system to data subject privacy rights, data processing privacy principles and lawful criteria, and personal information security control.

The privacy impact assessment observed the common standards in defining risk assessment process, privacy risk criteria, risk measuring technique, and risk mitigation approach.

The use privacy threat modeling tool is necessary to properly illustrate, analyze, and test the context of data privacy violation in the designed and operated information processing system.

Data Flow Diagram is an important visualization tool to illustrate the data workflow that represents the “what, how, and who” of data, process, and application in behaving the limiting condition of privacy and security rules.

The development requirement traceability matrix of designed, developed, and released information and communication system provides the definitive listing of specific regulatory, functional, and technical requirements in creating the personal data enabled product or services that engage a Data Subject.

The international community driven standards serve as the basic knowledge source for the methodology and metrics to support valid and verifiable understanding behind the development and operation of an information and communication system considered as “privacy by design” and “privacy by default.”

The achievement of the statutory goal for the information and communication system of government and private sector to be designed developed and operated with data privacy is guided by a common questions of understanding associated with the following:

1. System design and operation is limited by an adapted privacy framework

2. System design and operation is programmed functionality to exercise privacy rights of Data Subject

3. System design and operation is system features to enforce information security control

4. System design and operation is documented activities to respond, recover from, and investigate data breach

Foundational knowledge source for the rules and standards in developing and operating a privacy by design and by default product, system, or services:

1. ISO 27550 - Privacy engineering for system life cycle processes

2. ISO 31700 - Privacy by design for consumer goods and services

3. ISO 29100 - Privacy Frameworrk

4. ISO 29134 - Privacy Impact Assessment

5. ISO 27002 & 27701 - Privacy Information Security Controls

6. 2016 Implementing Rules and Regulations of RA 10173

7. NPC issuances on data privacy rights, privacy impact assessment, and security measures

8. EU General Data Protection Regulations (GDPR)

9. USA Health Insurance Portability and Accountability Act of 1996

10. AICPA SOC2 Trusted Service Organization audit indicators

11. Payment Card Industry (PCI) Data Security Standard (DSS)

A government agency compliant with EO 605-2007 has documented guidance that brings clarity, coherence, completeness, and consistency with the use of ISO standarts that support implementation of regulations and policy for “Privacy by Design and by Default.”

01/09/2023

Digital Governance Knowledge Pointer
-Cybersecurity Competency Framework

Cybersecurity is regulatory guidance, community standards, professional body of knowledge, threat intelligence, and security products that support first time right the coherent and complete enabling knowledge, skills, attitude and materials of doing the cybersecurity functions of identification, protection, detection, response, recovery and investigation.

Cybersecurity is reported and attested TRUST on the ability of the organization to make visible the critical information assets and risks; and to immediately and reliably plan-do-check-act the required security controls to face the active and innovative threat agents that are also consistently practicing the plan-do-check-act of realizing the objectives of the cyber-kill chain.

Cybersecurity is gathered and maintained INTELLIGENCE on the various system or product vulnerabilities, and attack surface and vector found in the cyberspace of people, policy, data, application, network, storage, middleware, and physical infrastructure of the digital technology enabled services of value creation and customer relationship.

Cybersecurity is organization, policy, process, product and provider of initiating, planning, delivering, operating, and improving the control objectives of preventing and responding to cybercrime in its variety of manifestation as SECURITY INCIDENT that undermines life, safety and privacy.

It is the FUNCTION of an authorized and funded organization in the whole enterprise to support the mandated obligations of assuring information confidentiality, process integrity, system reliability, data privacy, infrastructure resilliency, and user safety in the cyberspace of digital technology enabled services of government and private sectors.

Cybersecurity is ex*****on of the activities and delivery of results that are commonly linked to the end to end responsibilities of the CHIEF INFORMATION/CYBER SECURITY OFFICER and TEAM.

1. Protect, shield, defend, prevent
2. Monitor, hunt, detect
3. Respond, recover, sustain
4. Management, governance, compliance, education, risk management

Cybersecurity is OVERSIGHT on the implementation of agreed standards in security governance, asset visibility, risk and vulnerabilty assessment, secured acquisition and supplier security, regulatory compliance, and security operation.

It is an assurance platform for the organization to continuously deliver and improve what governance and management have agreed on what to achieve; what to maintain; what to prevent; and what to eliminate in demonstrating “safe cyberspace” of data, people and infrastructure of digital government, business, and home.

Cybersecurity is HUMAN ERROR to be admitted and resolved with appropriate awareness building, professional certification, and security alerts to act first time right the safety requirements of human digital presence in the cyberspace.

The common questions of understanding quality in the cybersecurity performance of government agency and business enterprise.

1. Value, threat, regulatory, and supplier context of cybersecurity

2. Good governance and management framework on cybersecurity

3. International community driven standards and published regulation on cybersecurity principles, performance and practices

4.. Organization, function, roles, and competency in achieving the statutory goals, and regulatory objectives of cybercrime prevention, response, and investigation, national cybersecurity plan, and NCERT.

5. Cyberkill chain, threat modeling, vulnerabity intelligence and assessment, and risk management

6. Methodologies and technologies of cybersecurity security control, and incident response and investigation

7. Training plan, user alert system, and professional competency certification on cybersecurity management and technology

The validation and verification of the right things to do in securing the sovereign cyberspace are done first time right with identified, analyzed, mapped and applied statutory and regulatory requirements, adapted international community driven practice standards, and threat intelligence database of globally recognized interest group and security product developers.

The networked society of globalization is connected trade, technology, knowledge, cybercrime, and Internet security.

Critical cybersecurity guidance finds its foundational knowledge source from countries that are considered principal in regulating the design, development, deployment, and operation of products and services that make up the cyberspace of the digital economy.

Cybersecurity in the digital economy is interest protection and benefit realization of its stakeholders that ensue from a cyberspace that behaves information confidentiality, process integrity, system availability. Infrastructure resilliency, data privacy, and consumer safety.

To join: https://forms.gle/bXgzKdrefiEs5RD66

03/08/2023

Agile digital worker

Training of Trainors
Data Protection Competency Framework

Reviewing the knowledge and skills requirements of a competent Data Protection Officer (DPO)

DPO is an independent oversight role in the organization created by a Personal Information Controller to assure the provision of right direction and control in protecting the collected, retained, used, shared and disposed personal data against privacy violation and cybercrimes related to personal information security.

The determination, description and documentation of the competency requirement of a qualified DPO start right with identification and analysis of the mandated responsibility communicated in the regulatory guidance.

Certified knowledge and skills of a DPO fulfill the achievement of the work objectives associated with the responsibilities that are listed in its enabling regulation.

NPC Advisory 2017-01 DESIGNATION OF DATA PROTECTION OFFICERS is the valid source of understanding the role, accountability, and responsibility to associate the set of knowledge, skills and attitude for fulfilling the objectives of DPO function.

A DPO standards behind the EU GDPR implementation is knowledge source to properly understand the adopted language and concept on DPO in RA 10173 implementing regulation.

The ability to point and use the knowledge source of a derivative work on data protection guidance is critical to the provision of acceptable, actionable, and auditable understanding of mandated performance, irregardless of certification brands.

The DPO certfying organization and training providers are by default use the statutory and regulatory requirements that validate competency standards fitted to the mandated accountability and responsibility of a DPO.

edps.europa.eu

PNS Advisory Adoptions - National Privacy Commission 03/08/2023

Agile digita worker…
Knowledge Pointer

Data Protection Officer (DPO) is oversight role in data protection that is made right to do the right things first time right by openly published statutory requirements and international community driven standards to associate the first principles, privacy rights, risk criteria, control practice, regulatory compliance, and good governance in data privacy, information security, and cybersecurity.

DPO represents valid and verifiable understanding, decision, and work in the exercise of privacy rights on data; in the application of privacy principles in data processing; and in the security of information management asset linked to personal data.

DPO reads in full, and acts with completeness the data protection oversight objectives with adopted standards of pubished regulations.

DPO certification is acceptable, actionable, and auditable understanding of rules supported by statutory requirements and adopted international standards on protection of privacy and security of personal information.

In the Philippine the implemntating rules of RA 10173 - Data Privacy Act of 2012, clearly states - “Section 2. Policy. These Rules further enforce the Data Privacy Act and adopt generally accepted international principles and standards for personal data protection.”

PNS Advisory Adoptions - National Privacy Commission NO. 2021-004 - PNS ISO/IEC 29134 – Information technology – Security techniques […]

Open Source Platform - National Foundational Id - MOSIP 30/07/2023

Knowledge pointer…

National ID system is tool of sustainable development to bring identification, inclusivity, availability, transaction and security within the digital technology enabled services of government and business.

The technical requirements that fulfill the national ID statutory goals and regulatory objectives are made transparent and participated with knowing the framework, methods and technology of adopted product and services to bring transactional ID in the national digital system of ease of doing business and data privacy.

A national ID captures, stores, and shares personal data necessarry for legitimate identification of a person to fulfill authentication, authorization, and accounting requirements of business or service delivery process. The registration record, biometric information, secured digital signature specimen, and registered SIM card are critical related information for identity validation and verification of a national citizen ID to support ease of doing business and efficiency in service delivery. There are existing rules, policy and standards to support content and use of a transactional national citizen ID.

MOSIP for Governments is interesting study in building national ID system.

Open Source Platform - National Foundational Id - MOSIP The Modular Open Source Identity Platform (MOSIP) helps Governments and other user organizations implement a digital, foundational identity system in a cost effective way. Read More!

SONA 2023 30/07/2023

Agile digital worker…

Reviewing the actionability of the incumbent power’s promise of digital governance

Essential questions of plan-do-check-act to report the achieved goals of digital transformation within the time horizon of its funding sponsor, project owner, project management, and operation team.

Q1:
What value to create
What value to maintain

Q2:
What risk to prevent
What risk to eliminate

Q3:
How value is created
How value is maintained

Q4:
How risk is prevented
How risk is eliminated

Q5:
Who is governance of accountability
Who is management of responsibility
Who is work of delivery-results

Q6:
When is miminum viable product released
When is minimum viable product integrated

Q7:
Where is location of consumer satisfaction
Where is location of sustained citizen support

Digital transformation of government and business is understanding, decision, and work that ensue from transparent, participated, and funded model of what to achieve, maintain, prevent and eliminate with digitalization of ease of doing business and efficiency in service delivery.

Basic requirements to actionability and auditability of sponsored deliverables of digital governance in government are well known in the rules and standards of practice:

1. GCIO organization, job roles, and plantilla position

2. Competency standards and certification to support governance and management of ICT in the organization

3. Quality management system in ICT service delivery and support, and master data

4. Cybersecurity Officer organization to support cybersecurity function and data protection

5. Cloud computing approach, service outsourcing, and public-private partnership.

6. Re-engineering of systems to match model of quality service and automation

7. Regulatory Impact Assessment to align laws, regulation and policy to principles and practices of ease of doing business and service delivery efficiency

8. National master data management, national identification system, digital signature, and free wifi of service interoperation and data driven governance.

SONA 2023

Want your business to be the top-listed Computer & Electronics Service in Marilao?
Click here to claim your Sponsored Listing.

Telephone

Address

Marilao
Marilao