Status : Verified
| Personal Name | Tuazon, Mark Gil D. |
|---|---|
| Resource Title | Cybersecurity assessment and roadmap towards a digitally resilient Department of Public Works and Highways |
| Date Issued | 23 May 2026 |
| Abstract | The rapid shift toward digital transformation within the Philippine government has increased government agencies' vulnerability to sophisticated cyber threats. Notable incidents, such as the 20216 Comelec data breach, where voters' personal identifiable information (PII) were leaked, resulting in an estimated ₱1.2 billion to remediate the data leak, and the 2017 Department of Public Works and Highways (DPWH) data breach that exposed personal information, highlighted the urgent need for robust cybersecurity measures. This study addressed the necessity for a structured approach to safeguard digital assets and ensure public trust in government infrastructure services. It utilized the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 (CSF 2.0) to conduct a comprehensive assessment of DPWH’s current cybersecurity posture. The assessment was based on the six (6) core functions of the framework: Govern, Identify, Protect, Detect, Respond, and Recover. Through this methodology, the researcher identified gaps that served as a foundation for a cybersecurity roadmap. The assessment revealed that DPWH is at Level 2 (Documented) of cybersecurity maturity. While foundational technologies like endpoint protection and network firewalls were in place, they were not fully integrated in their cybersecurity system. Key findings included (1) governance gaps, where compliance was primarily documentation-driven; (2) operational weaknesses, as the Detect and Respond functions were identified as the weakest areas due to a lack of active management, threat visibility, and formal incident response plans (IRP); (3) capability constraints, the absence of a dedicated cybersecurity team and limited internal expertise severely hampers the department's ability to react quickly to incidents. The study concludes that DPWH’s resilience is limited by fragmented security operations and a reactive risk management approach. To transition to a proactive and resilient |
| Degree Course | Master of Technology Management |
| Language | English |
| Keyword | Cybersecurity; Assessment; Roadmap |
| Material Type | Thesis/Dissertation |
Preliminary Pages
80.00 Kb
Category : C - Confidential information of a third-party is embedded.
Access Permission : Limited Access