Internet, Intranet and Extranet

 The Internet: a network of networks servicing the NSFNET

users worldwide

 Intranet: an organization's private network that uses By 1991, the NSFNET's backbone network service has been
Internet technology upgraded to T3 (45 Mbps) links.

 Extranet: The intranet that some of its functions are

accessible to the organization's business partners
Internet Policy and Deregulations

Originally, commercial traffic was forbidden on the Internet,

The Internet because the major portions of these networks were funded

Three aspects of the Internet evolution by the various national governments and research
organizations.
 Capacity growth

 Application and traffic growth

In the early 1990s, commercial networks began connecting
 Internet policy change
into these networks, opening it to commercial traffic.

Internet Capacity
vBNS Components
ARPANET (1969): The Internet was started by the U.S.
Department of Defense as a network of four computers.

- 1974, 62 hosts

- 1983, 1000 hosts

- 1989, decommissioned

NSFNET (1986): Built up by National Science Foundation

with a 3-tier structure

- 1987, 10,000 hosts in the Internet, 1000 in BITNET

- 1988, upgraded to T1 (1.544 Mbps).

- 1991, upgraded to T3 (45Mbps) The vBNS is accessible to select application sites through
four NAPs in New York, San Francisco, Chicago, and
- 1995, decommissioned
Washington, D.C.
vBNS (1995): 622Mbps in 1995

vBNS+ (now): 2.5 Gbps (or more)

The vBNS is mainly composed of OC3 /T3.

NAP

Network access point (NAP)

 The NAP is defined as a high-speed network or

switch to which a number of routers can be
connected for the purpose of traffic exchange.
 NAPs must operate at speeds of at least 100 Mbps 8. The right to data portability
and must be able to be upgraded as required by
demand and usage.
ISO
 The concept of the NAP is built on the FIX
(Federal Internet eXchange) and the CIX About ISO:
(Commercial Internet eXchange), which are built
ISO (International Organization for Standardization) is
around FDDI rings with attached Internet
the world's largest developer and publisher of International
networks operating at speeds of up to 45 Mbps.
Standards.

ISO is a network of the national standards institutes of

Some vBNS Facts (2001) 157 countries, one member per country, with a Central
Secretariat in Geneva, Switzerland, that coordinates the
- Speed: 2.5 Gbps (OC-48)
system.
- Multi-protocol Label Switching (MPLS)
ISO is a non-governmental organization that forms a
- 0.001% Packet loss and 100% availability bridge between the public and private sectors. On the one
- both unicast and multicast hand, many of its member institutes are part of the
governmental structure of their countries, or are mandated
- IPv6 enabled
by their government. On the other hand, other members
- Extends to Europe and Asia have their roots uniquely in the private sector, having been
set up by national partnerships of industry associations.

Therefore, ISO enables a consensus to be reached on

Abilene
solutions that meet both the requirements of business and
- Abilene is an advanced backbone network that the broader needs of society.
supports the development and deployment of the new
applications being developed within the Internet2
community. Abilene connects regional network aggregation The ISO History
points, called gigaPoPs, to support the work of Internet2
ISO is the world largest standards developing
universities as they develop advanced Internet applications.
organization. Between 1947 and the present day, ISO has
Abilene complements other high-performance research
published more than 16 500 International Standards,
networks.
ranging from standards for activities such as agriculture and
construction, through mechanical engineering, to medical
devices, to the newest information technology
developments.
Data Privacy Rights
Given the multi-sector scope of the organization, it
1. The right to be informed would be hard to present an historical perspective

2. The right to access summarizing the challenges, the passion, the outstanding
achievements or, sometimes, the missed opportunities, in
3. The right to object
the large variety of sectors covered by ISO’s technical
4. The right to erasure or blocking work.

5. The right to damages We have therefore chosen to highlight the key markers
in the history of the organization from a general
6. The right to complain
perspective.
7. The right to rectify
Founding Subscriber Members

ISO was born from the union of two organizations - the Subscriber membership has been established for
ISA (International Federation of the National Standardizing countries with very small economies. Subscriber members
Associations),. established in New York in 1926, and the pay reduced membership fees that nevertheless allow them
UNSCC (United Nations Standards Coordinating to maintain contact with international standardization.
Committee), established in 1944.

In October 1946, delegates from 25 countries, meeting

DATA PRIVACY ACT (DPA)
at the Institute of Civil Engineers in London, decided to
create a new international organization, of which the object RA 10173 – Approved August 12, 2012 by President S.
would be "to facilitate the international coordination and Benigno Aquino III

unification of industrial standards". The new organization, RA 10173 IRR – September 9, 2016
ISO, officially began operations on 23 February 1947.
DICT Founded – June 9, 2016

NPC Formed – March 7, 2016

ISO Members

ISO is made up of 157 members which are divided into

What is the DPA?
three categories:
1. Member bodies, - Fully titled, An Act Protecting Individual Personal
Information in Information and Communications Systems
2. Correspondent members,
in the Government and the Private Sector, Creating for this
3. Subscriber members. Purpose a National Privacy Commission, and for Other
Purposes” the DPA aims to protect the fundamental human
right of privacy, of communication while ensuring the free
Member Bodies
flow of information to promote innovation and growth.
A member body of ISO is the national body "most
representative of standardization in its country". Only one
such body for each country is accepted for membership of KEY DPA ACTORS
ISO. Member bodies are entitled to participate and exercise National Privacy Commission (NPC)
full voting rights on any technical committee and policy
- independent body mandated to implement the DPA
committee of ISO.
Data subject

- an individual whose personal data is processed

Personal Information Controller (PIC)

- a natural or juridical person, or any other body who

controls the processing of personal data
Correspondent Members
Personal information processor (PIP)
A correspondent member is usually an organization in
- a natural or juridical person, or any other body to
a country which does not yet have a fully-developed
whom a PIC may outsource or instruct the processing of
national standards activity.
personal data
Correspondent members do not take an active part in
the technical and policy development work, but are entitled
to be kept fully informed about the work of interest to them.
What is Personal Information (PI)
 PI refers to any information from which the identity of Pillar Reference
an individual is apparent or can be reasonably and directly
1. Appoint a Data Protection
ascertained, or when put together with other information NPC Advisory 2017 - 01
Officer
would directly and certainly an individual.
2. Conduct a Privacy Impact
NPC Advisory 2017 – 03
Assessment
Criteria for Lawful Processing of PI
3. Have a Privacy
 Consent Management Program & PMP Guide in NPC
codify it into a Privacy Privacy Toolkit
 Contract with individual
Manual
 Vital interest / Life and Health
NPC Circular 2016 – 01;
 Legal obligation 4. Implement data privacy &
DPAC in NPC Privacy
protection measures
 National emergency / public order & safety, as Toolkit
prescribe by law
5. Exercise Breach Reporting
NPC Circular 2016 - 03
Procedures

What are a PIC or PIP’S Primary Obligation ?

1. Adhere to data privacy principles What is Sensitive Personal Information (SPI)?

 Transparency SPI refers to info about n individual’s:

 Legitimate purpose  Race

 Proportionality  Ethnic

2. Uphold data subject rights  Marital Status

 Information  Age

 Erasure or blocking  Color

 Access  Religious, Philosophical o affiliations

 To object  Health, education, genetic or sexual life

 Data Portability  Proceeding for any offense committed or alleged

to have been committed by an individual
 To file a complaint
 Government-issued IDs
 Rectification
 Those established by an executive order or an act
 To damages
of congress to be kept classified
3. Implement security measures

 Organizational
Exemptions
 Physical
Applies not to the PIC/PIP but only to personal data relating
 Technical to:

 Matters of public concern

5 Pillars of Data Privacy Accountability & Compliance  Journalistic, artistic or literary purposes
  Research purposes, intended for a public benefit  Other means to demonstrate compliance

 Performance of law enforcement or regulatory 4. Privacy and Data Protection in day to day operations
functions of public authority (e.g. Secrecy of Bank
 Valid Privacy Notice in Website and/or
Deposits Act, Foreign Currency Deposit Act,
within organization (where collection of
CISA)
personal data occurs)
 Compliance of BSP-regulated banks & financial
 Consent forms for collection and use of
institutions with the CISA, AMLA & other
personal data
applicable laws
 List of Policies and Procedure in place that
 Residents of foreign jurisdictions w/ applicable
relate to privacy and data protection (may be
data privacy laws
in privacy manual)
 Exemptions are only allowed to the minimum
 Policies and Procedure in dealing with
extent needed to achieved purpose, w/
requests for information from parties other
consideration to requirements of other regulations.
than the data subjects(media, law
enforcement, representatives)

How Compliant are you?  Data subjects informed of rights through

privacy notices, and other means
Evidence of Compliance
 Form or platform for data subjects to request
1. Established Data Privacy Governance
copy of their personal information and
 Designed/Appointment Papers/ Contract of the request correction
DPO and/ or DPO team
 Procedure for addressing complaints of data
 Other means to demonstrate compliance subjects

2. Privacy Risk Assessment  Certificate of registration and notification

 Designed/Appointment Papers/ Contract of the  Other means to demonstrate compliance

DPO and/ or DPO team
5. Manage Security Risks
 Inventory of personal data processing system
 Data Center and Storage area with limited
 Visible announcement showing the contact physical access
details of DPO (e.g. website, privacy notice)
 Report on technical security measures and
 Phase I – Registration Form (Notarized) information security tools in place

 Privacy Impact Assessment (PIA) report  Firewalls used

 Other means to demonstrate compliance  Encryption used for transmission

3. Maintain Organization Commitment  Encryption used for storage

 Privacy Manual  Access Policy for onsite, remote and online

 List of activities on privacy and data access

protection  Audit logs

 List of key personnel assigned  Back-up solutions

responsibilities for privacy and data
 Report of Internal Security Audit or other
protection within the organization
internal assessments
  Certification or accreditations maintained  Other means to demonstrate compliance

 Vulnerability Assessment 9. Continuing Assessment and Development

 Penetration Testing for applications and  Policy for Conduct if PIA (may be manual)
networking
 Policy on conduct of Internal Assessments
 Other means to demonstrate compliance and Security Audits

6. Data Breach Management  Privacy Manual contains policy for regular

review
 Schedule of breach drills
 List of activities to evaluate Privacy
 Number of Trainings conducted for internal
Management program (survey of customer,
personnel on breach management
personnel assessment)
 Personnel Order constituting the Data Breach
 Other means to demonstrate compliance
Response Team
10. Manage Privacy Ecosystem
 Incident Response Policy and Procedure
(may be in Privacy Manual)  No. of training and conference attended on
privacy and data protection
 Record of Security incidents and personal
data breaches, including notification for  Policy papers, legal or position papers, or
personal data breaches other research initiatives on emerging
technologies, data privacy best practices,
 Other means to demonstrate compliance
sector specific standards and international
7. Manage Third Party Risks data protection standards

 Data Sharing Agreements  No. of management meetings which included

 List of recipients of personal data (PIPs, other privacy and data protection in the agenda

PICs, service providers, government  Other means to demonstrate compliance

agencies)

 Review of Contract with PIPs

 Review of Contracts for cross-border

transfers ISO-IEEE

 Other means to demonstrate compliance ISO, IEEE Seek to Strengthen Partnership for
Development of Int'l Standards
8. Human Resource Management
June 16, 2008 // Published as a news service by IHS
 No. of employees who attended trainings on
privacy and data protection

 Commitment to comply with Data Privacy The International Organization for Standardization
Act as part of Code of Conduct or through (ISO) and the Institute of Electrical and Electronics
written document to be part of employee files Engineers Inc. (IEEE) signed an agreement aimed at
increasing their cooperation in developing international
 Certificate of Training of DPO
standards. The agreement initially focuses on the subjects of
 Certificate of DPOs information technology, intelligent transport systems and
health informatics.
 NDAs or confidentiality agreements

 Security Clearance Policy

 The partner standards development organization  There are so many uses for data communication that it
(PSDO) cooperation agreement provides opportunities to is impossible to list them all in a single lecture. Here
adopt and jointly develop international standards to serve are just a few examples:
the global marketplace.
 Communicating with friends, relatives and
The PSDO cooperation agreement between the two associates using telephones, email.
organizations seeks to optimize stakeholder resources in the
 Accessing information for research, news,
development of standards where both ISO and IEEE have
entertainment or simply curiosity.
expertise, and to shorten time to market.
 Controlling remote devices such as robots.
According to the organizations, the agreement
facilitates processes for the joint development of standards Where is Data Communication Used?
and for adopting each other's standards.  Data communications is becoming all pervading.
"Strengthening partnerships with standards Like computers, we are increasingly seeing data
development organizations having a global reach is one of communications all around us. Here a some
ISO's strategic objectives, and this agreement with IEEE examples:

will help to optimize resources, shorten timeframes and  In education it is used to disseminate teaching
reinforce the collection of ISO international standards in a material.
coherent and consistent manner," said Alan Bryden, ISO
 In medicine it is used to allow specialists to
secretary-general.
diagnose the ailments of distant patients.

 In science it is used to share ideas and insights.

Data Communication in Business

Introduction to Data Communications
 Data communication is becoming increasingly
Why Have Data Communcation Networks? important in business.

 Data Communication networks were developed to  It is used to communicate with associates and
allow users to share information and resources. keep them informed of situations and events.

 They allow information to be sent more quickly,  It is used to keep customers informed of products,
more accurately and at less cost than was possible services and promotions.
before their existence.
 It is used to improve customer service.
The Data Communication Explosion
 It is used to maintain control over finances, stock
 In the last two decades, the growth of digital and manufacturing systems.
data communication networks has been
History of Data Communication - Semaphore
phenomenal - and not just in the development of
the Internet!  Communication has always been vital to the growth
and development of human society.
 Many traditional telephone systems have
converted to using digital data communication  One major problem confronted early societies - how to
networks behind the scenes. communicate over large distances.

 Cellular (portable) telephones use digital data  One solution was to use either hand signals or
communication networks mechanically operated signals known as semaphore.
This, however, required each station to be in sight of
How is Data Communication Used?
the next.

History of Data Communication - Electrical

 In the 19th century, a system using electricity was History of Data Communication - Microwave
devised. The first telegraph lines were opened in
 In 1968, the first microwave radio system was used.
1843 between Paddington and Slough by the Great
Western Railway.  Microwaves can be sent from one station to another as
long as they are in line of sight (microwave can
 In 1872-6, Alexander Graham Bell invented the
penetrate walls and fog).
telephone. The first commercial telephone lines were
installed in 1877.  The advantage of using microwave links is that they
are cheaper than installing a land line.
History of Data Communication - Radio
 Low power microwaves are used.
 Guglielmo Marconi constructed the first practical radio
telegraph and, in 1901, he succeeded in transmitting a History of Data Communication Networks
radio signal across the Atlantic.  In the late 1960s and early 1970s, networks were not
 In the first part of the 20th century, radio evolved and designed to allow users on different networks to share
became increasingly important for long distance information and resources (such as printers).
communication.  In the early 1970s, several groups began developing

History of Data Communication - T.V. the concept of internetworking. Internetworking

allowed computers on different networks to connect
 In 1926, John Logi Baird gave the first demonstration
and exchange information.
of the television.
 Internetworking was pioneered by the ITU-T
 The BBC made its first experimental TV broadcast in
(International Telecommunication Union), the ISO
1929 (it had 30 scan lines).
(International Organization for Standardization) and
 In the near future, analogue TV signals will be the developers of ARPANET (Advance Research
replaced by digital signals. Projects Agency Network).

History of Data Communication - Computer  ARPANET was developed for the U.S. Department of
Defense as an attack resilient communication system.
 In 1940, Bell laboratories began experimenting with a
communications system using the COMPLEX  ARPANET was used primarily for Research and
computer. This was the forerunner of the Development purposes.
teletypewriter.
 By the mid-1980s, ARPANET became more
 In 1954, IBM introduced a system called Remote Job commonly known as the Internet.
Entry (RJE) that allowed a terminal to forward records
 Throughout the 1970s and 1980s, telephone companies
to a host computer and receive reports back.
have been replacing their analogue equipment with
digital equipment.

 This change has come about because digital equipment

has become cheaper, more reliable and more flexible
History of Data Communication - Satellite
than their analogue counterparts.
 In 1958, the US launched its first communications
satellite. It formed part of an early warning radar
system.

 1963 saw the launch of the first geosynchronous

satellite, SYNCOMII. At a distance of 35,880 km
(22,300 miles), such a satellite appears stationary in the
sky.
Standards  Advantages of Open System:

 An object of procedure considered by an authority or  Customer choice

by general consent as a basis of comparison.  Compatibility between vendors

 Authoritative principles or rules that imply a model or  Competition by smaller companies

pattern for guidance by comparison
 Disadvantages of Open System:
Data Communications Standards
 Less production control
 Guidelines that have been generally accepted by the
 Increased difficulty acquiring agreement between
data communications industry
vendors for changes or updates.
 Outlines the procedures and equipment configurations
that help ensure an orderly transfer of information
between data communications equipment or networks

Major Areas of Interest

 Software Standards Organizations for Data Communications

 Programming language ISO – International Organization for

Standardization
 Electrical and Cable interface
ITU-T – International Telecommunications Union
 Transmission media
– Telecommunications Sector
 Communications signal
IEEE – Institute of Electrical and Electronics
 Format compatibility Engineers

Two Basic Types of Standards ANSI – American National Standards Institute

 Proprietary – Manufactured and controlled by one EIA – Electronics Industry Association

company
TIA – Telecommunications Industry
 Open System – Architecture is available to anyone/any Association
company can produce a compatible equipment
IAB – Internet Architecture Board
Advantages/Disadvantages
IETF – Internet Engineering Task Force
 Advantages of Proprietary:
IRTF – Internet Research Task Force
 Tighter control
NIST – National Institute of Standards and
 Easier consensus Technology

 Monopoly NECA – National Exchange Carriers Association

 Disadvantages of Proprietary: COS – Corporation for Open Systems

 Lack of choice for customers EDI – Electronic Data Interchange

 Higher financial investments EDIFACT – Electronic Data Interchange for

 Overpricing Administration Commerce and

Transport.
 Reduced customer protection against
manufacturer going out of business