
ICT Security Officer (ICTSO)

Dzuren Datu Haji Hamzah
 
 dzurenh@sarawak.gov.my
  6082-444111 extension 8206
  Roles & Responsibilities

Protecting the ICT security programs of the state government is of utmost importance, as any breach of privacy or security levels undermines the trustworthiness of the system and erodes the confidence of users. The ICT Security Officer (ICTSO) is assigned the task of counteracting possible intruders or antagonists of these programs.

The ICTSO is also responsible for the development, implementation and maintenance of the ICT security programs in the respective departments of the State Public Service. This includes producing the Desktop Security Management Policy, which focuses on anti-virus practice, back-up practice, scan practice, people practice and so forth, and conceptualizing the State Security Handbook as a reference for the State Public Service on security guidelines, procedures and policies. The roles and responsibilities of the ICTSO in overseeing State ICT security, auditing its ICT programs and guarding against security threats are manifold:


ICT Security Programs

  • Manage departmental ICT security programs.
  • Enforce ICT security policy, standards and guidelines for use, from keeping documents up to date to keeping pace with changes in technology, organizational directions and potential threats.
  • Assist in development of specific standards or guidelines that meet the department's ICT security policy and application requirements. 
  • Review ICT systems for vulnerabilities and risks against stated security requirements.

Program Audits

  • Perform audits based on accepted ICT security policy, standards and guidelines to check for non-compliance.
  • Suggest measures to bridge the gap where non-compliance exists.
  • Ensure that in cases of policy exception, the risk acceptance process is adhered to, and that the exception is reviewed and reassessed periodically.
  • Review audit and examination reports on ICT security issues, including briefing management on the issues involved, with periodic follow-ups to ensure proper controls and procedures are adhered to within the stipulated timeframe.
  • Define key threats to information assets and ensure management understands the gravity of the situation.

Security Threats

  • Maintain up-to-date knowledge on current threats, information processing technologies, and information protection methods from information updates, ICT security seminars and on-the-job training.
  • Prepare and disseminate appropriate warnings on potential threats to the department's information assets, e.g., a computer virus outbreak.
  • Form a security handling team to oversee security incidents.
  • Co-ordinate or assist in investigating threats or other attacks on information assets.
  • Assist in the recovery from attacks.
  • Assist the department in responding to clients' security issues, which include providing letters of assurance or questions on security measures.
  • Report any ICT security issues to the respective department’s Security Office and CIO.

The ICTSO is given opportunities to upgrade their knowledge and skills in the areas of ICT security through a number of forums and training courses, such as the ICT Security Conference and the annual Security Awareness Workshop.