Font Size AAA
Language:   English  | Malay
Chief Information Officer (CIO)Chief Information Officer (CIO)


Lim Khing Chong
 6082-444 111 sambungan 8400
  Roles and Responsibilities
The Chief Information Officer (CIO) is responsible for the dedevelopment of his or her agency's State ICT Strategic Plan (ITSP). Appointed by the respective agency, the CIO represents a valuable component in the efforts by the government to institute strategic ICT planning in the State Public Service.

Roles of CIO
a). Develop the agency's annual Information and Communication Technology Strategic Plan (ITSP).
b). Consolidate and integrate the cross-functional processes between agencies.
c). Develop, operate and manage a secure and stable ICT system and infrastructure.
d). Enstablish and set ICT directions for the agency.
e). Preserve the data integrity amongst the applications owned by the agency.
f). Promote effective ICT usage, which is in line with the agency's strategic objectives.
g). Lead and engage the agency in government initiatives to develop and implement ICT projects in the State Public Service.

importance as any breach of privacy or security levels undermines the
trustworthiness of the system and erodes the confidence of users. The ICT Security
Officer (ICTSO) is assigned with the task to counteract against possible intruders or
antagonists towards these programs.
The ICTSO is also responsible for the development, implementation and
maintenance of the ICT security programs in respective departments of the State
Public Service. This includes producing the Desktop Security Management Policy
focusing on anti-virus practice, back-up practice, scan practice, people practice and
so forth; and conceptualizing the State Security Handbook as reference for the State
Public Service on security guideline, procedure and policy. The roles and
responsibilities of the ICTSO in overseeing State ICT security, auditing its ICT
programs and guarding against security threats are manifold:
ICT Security Programs
• Manage departmental ICT security programs
• Enforce ICT security policy, standards and guidelines for use from keeping
documents up-to-date to keeping pace with changes in technology,
organizational directions and potential threats
• Assist in development of specific standards or guidelines that meet the
department's ICT security policy and application requirements
• Review ICT systems for vulnerabilities and risks against stated security
Program Audits
• Perform audits based on accepted ICT security policy, standards and
guidelines to check for non-compliance
• Suggest measures to bridge gap where non-compliance exists
• Ensure that in cases of policy exception, risk acceptance process is adhered
to, and that exception is reviewed and reassessed periodically
• Review audit and examination reports on ICT security issues, including
briefing management on issues involved with periodic follow-ups to ensure
proper controls and procedures are adhered to within the stipulated timeframe
• Define key threats to information assets and ensure management
understands gravity of situation
Security Threats
• Maintain up-to-date knowledge on current threats, information processing
technologies, and information protection methods from information updates,
ICT security seminars and on-the-job training
• Prepare and disseminate appropriate warning on potential threats to the
department's information assets, e.g., computer virus outbreak
• Form a security handling team to oversee security incidents
• Co-ordinate or assist in investigating threats or other attacks on information
• Assist in the recovery from attacks
• Assist department in responding to client's security issues, which include
providing letters of assurance or questions on security measures
• Report any ICT security issues to the respective department’s Security Office
and CIO
The ICTSO is given opportunities to upgrade their knowledge and skills in the
areas of ICT security from a number of forums and training courses such as
the ICT Security Conference and the annual Security Awareness Workshop.