The primary role of the Information Security Management & Assurance (ISMA) department is to drive information security management based on the ISO/IEC 27001 Information Security Management System (ISMS) for CyberSecurity Malaysia.
This includes planning, developing, implementing and monitoring the ISMS, including information security risk management, information security awareness programmes, information security management review, development of information security policies and procedures, and Business Continuity Management (BCM).
In addition, the department contributes towards standardisation development in areas of information security, both locally and internationally. ISMA is also entrusted to deliver training and awareness talks related to information security management to external organisations.
On top of that, ISMA drives the development of commercial projects for the public and private sectors in the fields of Information Security Management and Information Security Governance, Risk and Compliance (ISGRC).
Among the services offered by ISMAD are:
Information Security Management System (ISMS) Guidance Series
The Information Security Management System (ISMS) Guidance Series is a service provided to government agencies, corporate organisations, small and medium enterprises (SME) and any interested corporation to guide the organisation on the implementation of information security. It ultimately prepares them to fulfil all requirements for ISO/IEC 27001 Information Security Management System certification.
Information Security Governance, Risk & Compliance (ISGRiC)
The Information Security Governance, Risk & Compliance (ISGRiC) Health Check Assessment is a service provided to government agencies, corporate organisations, small and medium enterprises (SME) and any interested corporation to assist them in determining their current level of readiness and initiatives in information security governance, risk management and compliance. It also assists management in making informed decisions based on ISGRiC results to justify information security investment and support the business case for managing information security.
We would like to invite you to visit our published guidelines and best practices.