Mampu steps up ICT security initiative
3rd January 2006 (Computimes)
BY IZWAN ISMAIL THE Malaysian Administrative Modernisation and Management Planning Unit (Mampu) is gearing up its initiative in the information and communications technology (ICT) security space, aimed at enhancing the quality of the public sector delivery system. According to its director of ICT security division Wan Mohd Rosdi Wan Dolah, ICT security has become a critical factor in ensuring the success of efficient computerisation projects and the continuity of Government service delivery. "To achieve this, Mampu is pushing for the implementation of security policy at agencies level, ensuring ICT assets are secured from intrusions and attacks, and that the architecture of Government ICT systems comply with established security standards," he said in Putrajaya recently. For 2006, Wan Mohd Rosdi said Mampu will look at security issues in areas such as wireless, digital devices, and Internet protocol (IP). "We foresee that new elusive threats will continue, and towards that end, we will be enhancing our mechanisms like the Public Sector Network Monitoring System (Prisma) and Government Computer Emergency Response Team (GCERT) with an ICT early warning system, and combine proactive and reactive incident response capabilities with 24/7 monitoring," he added. According to Wan Mohd Rosdi, Government agencies are also to implement an ICT systems audit known as Security Posture Assessment (SPA), which is an exhaustive examination and review of a department's current ICT network and systems' security. "It identifies weaknesses and vulnerabilities that put an agency at risk, and provides recommendations to improve security," he said. "In the assessment process, existing ICT policies and their implementation will be reviewed, system installation validated, and all points of entry into the network checked." He said over a period of five years until 2010, all agencies are required to implement a high-level ICT risk assessment. Wan Mohd Rosdi emphasised that the ultimate goal is to ensure business or services continuity and to minimise damage by keeping the effects of security incidents to the minimum. "By 2010, we hope 100 per cent of Government ICT assets to comply and conform to specific ICT security standards like the BS 7799," he added. Mampu also plans to educate the Government agencies on the importance of ICT security and its relation to better service delivery. Last year, it conducted a series of ICT security awareness programmes like consultative services, security training, and workshops to security officers from various agencies. Wan Mohd Rosdi said Mampu is also looking at partnering with Intan to conduct the training programmes for 2006. |
