Font Size AAA
Bahasa:   English  | Bahasa Malaysia
<font color="#d82e2e">Pegawai Keselamatan ICT (ICTSO)</font>Pegawai Keselamatan ICT (ICTSO)

Dzuren Datu Haji Hamzah
 
 dzurenh@sarawak.gov.my
  6082-444111 sambungan 8206

  Roles & Responsibilities

Protecting the ICT security programs of the state government is of utmost importance as any breach of privacy or security levels undermines thetrustworthiness of the system and erodes the confidence of users. The ICT SecurityOfficer (ICTSO) is assigned with the task to counteract against possible intruders orantagonists towards these programs. 

The ICTSO is also responsible for the development, implementation and maintenance of the ICT security programs in respective departments of the State Public Service. This includes producing the Desktop Security Management Policy focusing on anti-virus practice, back-up practice, scan practice, people practice and so forth; and conceptualizing the State Security Handbook as reference for the State Public Service on security guideline, procedure and policy. The roles and responsibilities of the ICTSO in overseeing State ICT security, auditing its ICT programs and guarding against security threats are manifold:

 

ICT Security Programs

  • Protecting the ICT security programs of the state government is of utmost.
  • Manage departmental ICT security programs.
  • Enforce ICT security policy, standards and guidelines for use from keeping documents up-to-date to keeping pace with changes in technology,organizational directions and potential threats.
  • Assist in development of specific standards or guidelines that meet the department's ICT security policy and application requirements. 
  • Review ICT systems for vulnerabilities and risks against stated security requirements.

Program Audits

  • Perform audits based on accepted ICT security policy, standards and guidelines to check for non-compliance.
  • Suggest measures to bridge gap where non-compliance exists.
  • Ensure that in cases of policy exception, risk acceptance process is adhered to, and that exception is reviewed and reassessed periodically.
  • Review audit and examination reports on ICT security issues, including briefing management on issues involved with periodic follow-ups to ensure proper controls and procedures are adhered to within the stipulated timeframe.
  • Define key threats to information assets and ensure management understands gravity of situation.

Security Threats

  • Maintain up-to-date knowledge on current threats, information processing technologies, and information protection methods from information updates, ICT security seminars and on-the-job training.
  • Prepare and disseminate appropriate warning on potential threats to the department's information assets, e.g., computer virus outbreak.
  • Form a security handling team to oversee security incidents.
  • Co-ordinate or assist in investigating threats or other attacks on information assets.
  • Assist in the recovery from attacks.
  • Assist department in responding to client's security issues, which include providing letters of assurance or questions on security measures.
  • Report any ICT security issues to the respective department’s Security Office.
importance as any breach of privacy or security levels undermines thetrustworthiness of the system and erodes the confidence of users. The ICT SecurityOfficer (ICTSO) is assigned with the task to counteract against possible intruders orantagonists towards these programs.The ICTSO is also responsible for the development, implementation andmaintenance of the ICT security programs in respective departments of the StatePublic Service. This includes producing the Desktop Security Management Policyfocusing on anti-virus practice, back-up practice, scan practice, people practice andso forth; and conceptualizing the State Security Handbook as reference for the StatePublic Service on security guideline, procedure and policy. The roles andresponsibilities of the ICTSO in overseeing State ICT security, auditing its ICTprograms and guarding against security threats are manifold:ICT Security Programs• Manage departmental ICT security programs• Enforce ICT security policy, standards and guidelines for use from keepingdocuments up-to-date to keeping pace with changes in technology,organizational directions and potential threats2• Assist in development of specific standards or guidelines that meet thedepartment's ICT security policy and application requirements• Review ICT systems for vulnerabilities and risks against stated securityrequirementsProgram Audits• Perform audits based on accepted ICT security policy, standards andguidelines to check for non-compliance• Suggest measures to bridge gap where non-compliance exists• Ensure that in cases of policy exception, risk acceptance process is adheredto, and that exception is reviewed and reassessed periodically• Review audit and examination reports on ICT security issues, includingbriefing management on issues involved with periodic follow-ups to ensureproper controls and procedures are adhered to within the stipulated timeframe• Define key threats to information assets and ensure managementunderstands gravity of situationSecurity Threats• Maintain up-to-date knowledge on current threats, information processingtechnologies, and information protection methods from information updates,ICT security seminars and on-the-job training• Prepare and disseminate appropriate warning on potential threats to thedepartment's information assets, e.g., computer virus outbreak• Form a security handling team to oversee security incidents• Co-ordinate or assist in investigating threats or other attacks on informationassets• Assist in the recovery from attacks• Assist department in responding to client's security issues, which includeproviding letters of assurance or questions on security measures• Report any ICT security issues to the respective department’s Security Officeand CIOThe ICTSO is given opportunities to upgrade their knowledge and skills in theareas of ICT security from a number of forums and training courses such asthe ICT Security Conference and the annual Security Awareness Workshop.