ICT Security Officer (ICTSO)
Ts. Gs. Sulaiman bin Budin sulaimb3@sarawak.gov.my 6082-444111 extension 8308
Protecting the ICT security programs of the state government is of utmost
importance, as any breach of privacy or security levels undermines the
trustworthiness of the system and erodes the confidence of users. The ICT Security
Officer (ICTSO) is assigned the task of countering possible intruders or
antagonists of these programs.
The ICTSO is also responsible for the development, implementation and
maintenance of the ICT security programs in respective departments of the State
Public Service. This includes producing the Desktop Security Management Policy
focusing on anti-virus practice, back-up practice, scan practice, people practice and
so forth; and conceptualizing the State Security Handbook as a reference for the State
Public Service on security guidelines, procedures and policy. The roles and
responsibilities of the ICTSO in overseeing State ICT security, auditing its ICT
programs and guarding against security threats are manifold:
Role of ICT Security Officer
(a) Implement ICT security programs that have been identified;
(b) Provide information and exposure regarding State Government ICT Security
Policies to all users of the agency;
(c) Identify and analyse the risks of ICT assets. Carry out risk management
activities;
(d) Report ICT security incidents (QCERT), and inform the Agency CIO;
(e) Collaborate with all relevant parties in identifying the source of ICT security
threats or incidents and recommend immediate remedial measures for prevention
and strengthening to the ICTSO Head; and
(f) Keep records, evidence and up-to-date reports on State Government ICT
security threats.
ICT Security Programs
• Manage departmental ICT security programs
• Enforce ICT security policy, standards and guidelines for use from keeping
documents up-to-date to keeping pace with changes in technology,
organizational directions and potential threats
• Assist in development of specific standards or guidelines that meet the
department's ICT security policy and application requirements
• Review ICT systems for vulnerabilities and risks against stated security
requirements
Program Audits
• Perform audits based on accepted ICT security policy, standards and
guidelines to check for non-compliance
• Suggest measures to bridge the gap where non-compliance exists
• Ensure that in cases of policy exception, the risk acceptance process is adhered
to, and that the exception is reviewed and reassessed periodically
• Review audit and examination reports on ICT security issues, including
briefing management on issues involved with periodic follow-ups to ensure
proper controls and procedures are adhered to within the stipulated timeframe
• Define key threats to information assets and ensure management
understands the gravity of the situation
Security Threats
• Maintain up-to-date knowledge on current threats, information processing
technologies, and information protection methods from information updates,
ICT security seminars and on-the-job training
• Prepare and disseminate appropriate warnings on potential threats to the
department's information assets, e.g., a computer virus outbreak
• Form a security handling team to oversee security incidents
• Co-ordinate or assist in investigating threats or other attacks on information
assets
• Assist in the recovery from attacks
• Assist the department in responding to clients' security issues, which include
providing letters of assurance or answering questions on security measures
• Report any ICT security issues to the respective department’s Security Office
and CIO
The ICTSO is given opportunities to upgrade their knowledge and skills in the
areas of ICT security through a number of forums and training courses such as
the ICT Security Conference and the annual Security Awareness Workshop.