State Government ICT Security

Transcript and Presenter's Notes

1
State Government ICT Security
Sabah State Government CIO Conference 2004
  • Presented by
  • Dr Mingu Jumaan
  • Director
  • Jabatan Perkhidmatan Komputer Negeri

22 June 2004
2
Background
  • Recognised ICT as a strategic tool
  • Established SITC on 23 July 1996
  • to spearhead ICT deployment and development in
    the State
  • Modelled along the NITC

3
Background
Sabah IT Council (SITC)
Chairman
Chief Minister
Deputy Chairman
Minister of Resource Development and IT
Secretariat
State IT Unit
Members
Public, Private and Third sectors
4
Functions of SITC
Background
  • Formulates policies
  • Monitors ICT projects
  • Advises State Government
  • Liaises with Federal Government
  • Promotes use of ICT
  • Strategises ICT development

5
Background
  • Launched Electronic Government and SabahNet on
    23rd September 1997.
  • One of the desired features of an electronic
    government is to guarantee that
  • confidential data held in the system is fully
    protected.
  • the network is protected from unauthorized access,
    malicious attack and loss of data integrity
  • External and internal threats on ICT security
  • Poor ICT security can lead to inability to
    function and loss of data, higher costs to fix
    and recover data, disruption to government
    operations, and damage to reputation.

6
Background
  • Security policy needs to be defined to protect
    the government ICT assets as well as to provide
    better and faster response to security incidents.
  • SITC endorsed the formation of a Working
    Committee on State Government ICT Security on
    29th May 2002.

7
State Government ICT Security Working Committee
  • State Chief Information Officer (CIO) - Chairman
  • State Chief Security Officer (CSO) - Head of
    secretariat
  • Setiausaha Tetap Kementerian Kewangan - member
  • Pengarah Jabatan Perkhidmatan Awam Negeri -
    member
  • Pengarah Unit Kemajuan IT - member
  • Pegawai Keselamatan Malaysia, Negeri Sabah -
    member
  • Setiausaha Hal Ehwal Dalam Negeri dan
    Penyelidikan - member

8
Terms of Reference
State Government ICT Security Working Committee
  • To recommend specific measures in addressing ICT
    security issues to SITC
  • Prepare reports and present findings for the
    deliberation of SITC

9
Objectives of Working Committee
State Government ICT Security Working Committee
  • To minimize the adverse effect of security
    incidents
  • To educate users of ICT assets on security measures
  • To provide a mechanism for reporting of security
    incidents so that remedy / action can be taken
    quickly
  • To ensure that ICT security measures/guidelines
    are adhered to by users

10
Functions of Working Committee
State Government ICT Security Working Committee
  • To formulate and review policies, goals,
    strategies, standards and operational guidelines
    pertaining to ICT security of the state
    government
  • To advise the state government on the development
    of human resources to ensure successful
    implementation of ICT security measures
  • To liaise with the federal government on national
    ICT security policies and plans

11
Functions (cont)
State Government ICT Security Working Committee
  • To monitor, review and co-ordinate the
    implementation of state ICT security measures
    among state public agencies
  • To establish standards in the application of ICT
    security measures
  • To carry out auditing on state ICT assets so that
    security measures/guidelines are adhered to
  • To carry out research and development on ICT
    security technologies

12
Secretariat of Working Committee
State Government ICT Security Working Committee
  • Secretariat - JPKN
  • Chairman of the secretariat - Director of JPKN
  • Members - JPKN, UKIT and KKIPC
  • Terms of reference of the secretariat shall be
    to provide secretarial, organizational and
    administrative services to the ICT security
    working committee

13
State ICT Security Teams
  • Under the State Government ICT Security Working
    Committee, five teams were formed to look after
    specific areas of State ICT security matters

14
State ICT Security Teams
sgCERT
Audit
Monitoring
State ICT Security Working Committee
Secretariat (JPKN)
HRD
R&D
15
Incident Response & Forensic (sgCERT)
State ICT Security Teams
  • Membership
  • Core Technical Members
  • Members from State Government ICT Security Team
  • Remote Agents
  • Selected personnel at each major remote site
  • Functions
  • To formulate / review procedures in responding to
    incidents
  • To report ICT security incidents

16
State ICT Security Teams
  • sgCERT (Cont)
  • To respond to reports of ICT security incidents
  • To identify and inform relevant personnel on
    incidents on a need-to-know basis
  • To collect and analyse forensic evidence
  • To write reports on incidents and propose the
    next course of action
  • Lodge police report for legal action
  • Patch systems and fix vulnerability

17
Audit and Assessment
State ICT Security Teams
  • Membership
  • Core Technical Members
  • Members from State Government ICT Security Team
  • Remote Agents
  • Selected personnel at each major remote site
  • Independent Auditors
  • To compare the actual ICT security level with
    the perceived ICT security baseline

18
Audit and Assessment (Cont)
State ICT Security Teams
  • Functions
  • To formulate and review ICT security auditing and
    assessment procedures
  • To take pre-emptive actions to remove possible
    sources of vulnerabilities based on security
    advisories received
  • To plan for security enhancement
  • To register all ICT equipment / facilities /
    services
  • To periodically audit and assess the ICT security
    and update the ICT security baseline.

19
Education and Awareness (HRD)
State ICT Security Teams
  • Membership
  • Members from State Government ICT Security Team
  • INSAN
  • Functions
  • To formulate and review training curriculum on
    ICT security
  • To plan, conduct and review ICT security
    awareness activities
  • To conduct regular ICT security training

20
Security Monitoring
State ICT Security Teams
  • Membership
  • Core members
  • Members of the State Government ICT Security Team
  • Sabah.Net Secure Network Operating Center
  • Remote agents
  • Selected personnel at each major remote site
  • Functions
  • To formulate and review ICT Security Monitoring
    procedures
  • To monitor and ensure Security Policy Compliance
  • To monitor and create Security Advisory
  • To report suspicious activities
  • To monitor daily security logs

21
Research & Development
State ICT Security Teams
  • Membership
  • Members from State Government ICT Security Team
  • Functions
  • To evaluate security tools and propose
    recommendations
  • To study Systems / Network / Application Security
    improvement and propose recommendations
  • To create customised tools / scripts to improve
    ICT security
  • To create commercial ICT security products
  • To report new vulnerabilities found to vendors

22
Future Activities
  • Policy formulation
  • Awareness training
  • Security forums
  • Security auditing

23
Challenges
  • Attitude and mindset of the users: not bothered
    and not sensitive
  • Lack of staff with time and skills devoted to
    security
  • Locally available security training is insufficient

24
Closing Remarks
ICT security is important.
The most critical security hole does not lie with the
system, but with the people operating the systems.
Need to treat ICT security seriously. ICT
security matters are everyone's responsibility.
Secured ICT
The only truly secured ICT is where the computer
is buried in concrete, with the power turned off
and the network cable cut.
25
Thank You