CHAPTER 1

THE PROBLEM AND ITS BACKGROUND

Introduction
Security is an obligation of the company to protect the common interest of both
employees and customers. Having a controlled identification system can minimize
unauthorized persons entering the company premises. Hence, reducing if not eliminate
cases of theft and scouting.
The security of a company is not just based on guards and technology. It is the
trust of the management to their subordinates that they can do better judgment. But there
are things that they control like the theft and scouting.
The researchers saw a flaw in the current security and they wanted to have a
working system that can enhance the current security status of the company.
A company that practices security understands the need of a controlled system to
minimize unwanted activities like theft and scouts.
Background of the Study
RSRH Livestock Corporation is a slaughterhouse located at (please type in the
address) that relies heavily to the neighborhood for workers. Most of the workers are
related or known to the owners family. With such familiarity and also to the guards,
security is not a priority.

The company trusted the people around since it is a family owned business. They
hired people around the neighborhood for their workers and sometimes confidence and
trust is abused and rules are violated.
According to management, there are reports (unable to disclose copies of incident
reports for confidentiality purposes) that the wives of the employees would take meat as
the husbands planted it on the bin or conceal meat chunks through their boots.
The security guards are aware of the thefts and it happens from time to time by
outsiders. Some employees cannot distinguish a person if he is a customer or a coemployee. Cellular phones and cash, aside from the meat products are the usual target of
the thieves.
Visitors may enter the premises and wander around and must stay within the
visitors lounge and sales area. They should not be allowed to go to places beyond the
Sales Area. Visitors may include personal visitors of employees, customers, account
executives from prospective suppliers and collectors.
Furthermore, there were reports that scouts would talk to the customers and gave
them a bargain as they give out business cards to convince the customers to shift to rival
companies. The scouting problem cost the company a 2% deduction of its total earnings.
Mr. Allan Anca, the security guard of RSRH Livestock Corporation indicates the
incident as avoidable if they have the right means of identifying who goes in or out the
company and make sure that they stay where they have to stay. Visitors and customers
must stay on the selling area to avoid nomadic activities.

During the preliminary study of the subject company, the researchers were able to
interview an employee regarding the ID system presently used by the company. He had a
problem getting his remittance because he was questioned about the authenticity of his
Employee ID. Since then he only shows his postal ID and barangay ID if ever
identification is needed.
With this, the researchers of this thesis aim to help RSRH Livestock Corporation
to minimize cases of theft and scouting to protect not only company assets from such
cases but to secure the companys employees from outsider harm. And if possible, the
researchers will also device a more functional and practical ways to improve the
companys ID system as well.
Statement of the Problem
Problem of the company is mostly due to the fact that they gave more emphasis to
the product and not the security, for the owners of RSRH, the security is not an
immediate threat to the company.
In this study, the researchers are determined to answer the following questions to help the
researcher understand the importance of improving the security system of (name of
company):
1. Can a better security system be implemented to reduce, if not eliminate cases
of theft and scouting?
2. Will improvement be possible without engaging the company to hightechnology security methods?

3. Does the companys present ID system functional for the company and its
employees?
4. Is it practical to have an improved ID system within a limited budget?
5. If the company has a budget for a high-tech security system, what is the most
effective method to use?
Statement of Hypothesis
1.

An improved and controlled security system, which is to be implemented to

screen and monitor employees and visitors coming in and out of the
company, will prevent cases of thefts and scouting inside the company
premises.

2.

A change in the ID system will enable the company to distinguish

employees from outsiders.

3.

An improved ID system will be much functional than the present one.

In this study, the researchers will focus on monitoring the employees and

visitors once they are inside the company premises. The familiarity of each employee is
not enough to know if a wanderer is a customer, a new employee or a scout.
The studys course is to assist a security problem within the company for the
absence of controlled identification.
The researchers objective is to determine the effectiveness of a controlled ID
system for both employees and visitors for added security measures.

Significance of the Study

This study aims to explain the importance of a controlled ID system for a medium
sized company like (type in companys name) to further enhance the security. To
understand what are different kinds of Identification fraud and the laws against it. The
researchers wanted to know the proper contents of an Identification card before
presenting it to the company.
This study will be of significance to the company to have a better understanding
of the importance of a controlled ID system for tracking and handling customers.
This study is equally significant to the employees of (type in companys name),
for an improved and controlled security system will protect them from theft and restrain
them from doing such activities.
Scope and Limitation of the Study
The researchers aim is to demonstrate a working security measure by a controlled
ID system for both employees of (type in companys name) and its visitors for mutual
security.
The information that the researchers will gather will be about the improvement of
a security system without using the aid of high-tech methods. The researchers aims to
prove that the subject company will be able to prevent theft and scouting incidents from

happening by just improving the manual processes of security through proper

identification, inspection, monitoring and documentation.
DEFINITION OF TERMS
CHAPTER 2
REVIEW OF RELATED LITERATURE AND STUDIES
This chapter discusses about database security and its importance. It will also
discuss identity fraud and software that is for database security.
Foreign Literature
What is an ID?
An identity document (also called a piece of identification or ID) is any document
which may be used to verify aspects of a person's identity. If issued in the form of a
small, mostly standard-sized card, it is usually called an identity card (IC). In some
countries the possession of a government-produced identity card is compulsory while in
others it may be voluntary. In countries which do not have formal identity documents,
informal ones may in some circumstances be required.

WHAT IS A Bundy Clock?

Assessment

Databases and the data they contain remain tempting targets for hackers, who look to exploit the
many widespread weaknesses found in database-driven applications. Many of these weaknesses
are created by poor configuration or implementation.

The following five database-related vulnerabilities are among the most common:

Poor password policies

SQL injection

Cross-site scripting

Data leakage

Improper error handling

Incredibly, default or weak passwords are still often used by enterprises to protect an
online asset as important as a database, but it's a problem that's easy to fix. The remedy is
enforcing a strong password policy; that is, passwords must be changed regularly and be
at least 10 digits long and contain both alphanumeric characters and symbols. With this
policy, you will close down an attacker's easy route to your data.
SQL injection also relies on poor database implementation, specifically in regard to how
SQL queries are sent to the database. If the database accepts SQL queries generated from
user-supplied data that has not been cleaned and validated, it is open to SQL injection
attacks. For example, by modifying the expected input received from a Web-based form,
an attacker can submit malicious SQL queries and pass commands directly to a database.

To prevent this type of attack, it is essential to ensure that all user-supplied data is
validated before letting it anywhere near your scripts, data access routines and SQL
queries, and preferably use parameterized queries. Another reason to validate and clean
data received from users is to prevent cross-site scripting (XSS) attacks, which can be
used to compromise a database connected to a Web server. They work by injecting a
client-side script such as JavaScript into a Web application's output via a Web form.
These scripts are used to gather cookie data, which is often incorrectly used to store
information such as a user's account login information.
One problem that is often overlooked when building a database application is data
leakage. This is where sensitive data is transferred or made available unintentionally. The
classic mistake is failing to secure and control access to database backup tapes. A less
obvious leak is via data inference. Often more sensitive data can be inferred from
answers to valid queries on the data, such as an illness from prescribed medication. A
common solution is to monitor query patterns to detect such activity.
Closely related to data leakage is the improper handling of errors when an error occurs at
the database. Many applications display a detailed message. These error messages can
reveal information about the structure of the database, which can in turn be used to stage
attacks. By all means, log the error for your own records, but make sure your application
doesn't return any specific details about the error to users or to attackers.
To fully secure your database, split the task into the following four areas in order to
ensure a comprehensive check:

Server security

Application security

Database connections

Database and table access control

A database server needs to be hardened in the same way as any other server to ensure that
malicious hackers cannot attack the database via vulnerabilities in the operating system.
Preferably, the database should sit behind its own application-layer firewall.
To help with the process of securing database connections and defining access controls,
create a data flow diagram that tracks how data flows through the application. Next,
identify the places where data enters or exits another application and review the trust
levels assigned to these entry and exit points. Also define the minimum privileges any
external user or process requires to access the system. Configuring and building your
database application with security as a key driver will ensure your data stays secure.
To ensure the authenticity of the ID, a control number must be given stored on a
database like Microsoft Excel spreadsheet.
For the materials to be used to make the new Company ID is enlisted as:

One personal computer

One printer with CISS System
Gimp (software)
A camera with 5 megapixels or
higher

PVC ID kit
High quality Scissors
ID protector
Laces (two colors) blue and
yellow

The proposal for the RSRH is to have a color code for regular and temporary id laces
for easy identification of the people inside the company.
The layout or design would be approved by the board of directors for clarification and
proper contents. The researchers also made a sample for the board to examine the quality
of the ID.

CHAPTER 3
RESEARCH METHODOLOGY
This chapter discusses the methods and procedures which are essential in the
conduct of the study. The study includes (1) Research Method, (2) Sources of Data, (3)
Instrumentation, (4) Respondents of the Study, and (5) Statistical Treatment of Data.
Research Method
The method used on this study is a descriptive method. The researchers agreed
that the descriptive format because the problem is visible. (Why choose descriptive?)
Sources of Data
The researches agreed upon two ways to gather data, first is from the company
workers and the internet.
Instrumentation

Every participant on this research will be given an equal task to gather and sort
data from the internet and field interview. Primary data is collected through the company.
The researchers will be obtaining the profile of the company and asked the Human
resource department permission to ask around the employees about a new id system and
present the proposal via questionnaire. The questionnaire (refer to appendix A) has two
parts, first is a multiple choice where the correspondents will answer if they agree or
disagree and the second part would be for feedback. After the correspondents answer the
questionnaire, the data will be divided by those who agreed and disagreed. The
researchers will also take not of the comments they gave to the proposal.
Secondary data would be gathered on the answered questionnaires, and the
internet.
Respondent of the Study
The respondents of the study are the employees of RSRH. The list the researchers
would have will be given by the Human Resource Department. (Refer to appendices
must include the letter you got from the company certifying that the respondents are
indeed employed by the said co.) how many?
Statistical Treatment
The data gathered will undergo the following process: Descriptive Statistics is
concerned by the gathering, classification and presentation of the data. The summarizing
value will describe the group characteristics of the data like the average and percentages
are presented as a result of the descriptive nature

Improving the security by the use of logging visitors

and employees before inspecting the personal
belongings and frisking then encoding the gathered
names on a software database for reference, retrieval
and documentation