kclim@sarawak.gov.my | 6082-444 111 extension 8400
Roles and Responsibilities

The Chief Information Officer (CIO) is responsible for the development and implementation of the agency's ICT Strategic Plan. The CIO is also responsible for the development, implementation and monitoring of the ICT projects in the Agency. The CIO represents a valuable component in the efforts by the Government to institute strategic ICT initiatives in the State Public Service including establishment of ICT policies, standards, best practices and risk management.

Roles of Chief Information Officer
(a) To establish and set ICT directions for the Agency.
(b) To strengthen ICT policies, standards and practices in the Agency.
(c) To develop the agency's annual ICT Strategic Plan.
(d) To consolidate and integrate the cross-functional processes and information sharing between agencies.
(e) To develop, operate and manage a secure and stable ICT system and infrastructure.
(f) To preserve the data integrity amongst the applications owned by the Agency.
(g) To promote effective ICT usage, in line with the agency's strategic objectives.
(h) To lead and engage the Agency to develop and implement ICT projects in line with the State Digital Government initiatives.
(i) To leverage on technology to enhance the service delivery of the Agency by implementing efficient application systems, web and mobile services.

importance as any breach of privacy or security levels undermines the
trustworthiness of the system and erodes the confidence of users. The ICT Security
Officer (ICTSO) is assigned the task of countering possible intruders or
antagonists towards these programs.
The ICTSO is also responsible for the development, implementation and
maintenance of the ICT security programs in respective departments of the State
Public Service. This includes producing the Desktop Security Management Policy
focusing on anti-virus practice, back-up practice, scan practice, people practice and
so forth; and conceptualizing the State Security Handbook as reference for the State
Public Service on security guideline, procedure and policy. The roles and
responsibilities of the ICTSO in overseeing State ICT security, auditing its ICT
programs and guarding against security threats are manifold:
ICT Security Programs
• Manage departmental ICT security programs
• Enforce ICT security policy, standards and guidelines for use, from keeping
documents up to date to keeping pace with changes in technology,
organizational directions and potential threats
• Assist in development of specific standards or guidelines that meet the
department's ICT security policy and application requirements
• Review ICT systems for vulnerabilities and risks against stated security
requirements
Program Audits
• Perform audits based on accepted ICT security policy, standards and
guidelines to check for non-compliance
• Suggest measures to bridge the gap where non-compliance exists
• Ensure that in cases of policy exception, the risk acceptance process is adhered
to, and that the exception is reviewed and reassessed periodically
• Review audit and examination reports on ICT security issues, including
briefing management on issues involved with periodic follow-ups to ensure
proper controls and procedures are adhered to within the stipulated timeframe
• Define key threats to information assets and ensure management
understands the gravity of the situation
Security Threats
• Maintain up-to-date knowledge on current threats, information processing
technologies, and information protection methods from information updates,
ICT security seminars and on-the-job training
• Prepare and disseminate appropriate warnings on potential threats to the
department's information assets, e.g., a computer virus outbreak
• Form a security handling team to oversee security incidents
• Co-ordinate or assist in investigating threats or other attacks on information
assets
• Assist in the recovery from attacks
• Assist the department in responding to clients' security issues, which include
providing letters of assurance or questions on security measures
• Report any ICT security issues to the respective department’s Security Office
and CIO
The ICTSO is given opportunities to upgrade their knowledge and skills in the
areas of ICT security from a number of forums and training courses such as
the ICT Security Conference and the annual Security Awareness Workshop.