Action On Trigger Responsibility Response Plan

The document outlines 4 potential risks to information security and the corresponding responsibilities and response plans. For each risk, it identifies the trigger, those responsible for the risk, and a list of response plan actions to secure information if the trigger occurs. The risks covered are password leakage, communication security, filing document negligence, and misunderstanding of established legislation and regulations. Responsible parties include ICT administrators, network managers, office administrators, and human resources. Response plans include password policies, network access controls, document storage and destruction protocols, and training to ensure compliance.

Uploaded by Fatin Amira

Risk Assessment Matrix

Action on trigger: 1) Password leakage

Responsibility: ICT system administrator, Data center administrators, ICT network administrators and Users.

Response Plan: Selection, use and management of passwords as the main route to access information and data in the system, as set by the Ministry of Education Malaysia, as follows:

a. Under any circumstances and for any reason, passwords shall be protected and shall not be shared with anyone.
b. Users should change passwords when a password leak or compromise is suspected.
c. Passwords must be remembered and may not be recorded, stored or disclosed in any way.
d. Window and screen saver passwords must be activated, especially on computers located in common spaces.
e. Passwords should not be displayed during input, in reports or in other media, and should not be recorded in the program.
f. Enforce a password change at first login or after the password is reset.
g. The password must be different from the user's identification.
h. Avoid reusing recently used passwords; and
i. The password must be at least eight (8) characters long, with a combination of characters and numbers.

Action on trigger: 2) Communication Security Management

Responsibility: Network Management, Information Exchange, Online Services, Social media.

Response Plan: Selection, use and management of passwords as the main route to access information and data in the system, as set by the Ministry of Education Malaysia, as follows:

a. Responsibilities or work for network operations and computers should be separated to reduce unjustified access and modification;
b. Access to network equipment shall be controlled and limited to permitted users only;
c. Ensure ICT protection requirements are appropriate and sufficient to support more optimal service;
d. Network-related work can only be performed by trained and permitted staff;
e. Protect media that contain information from unauthorized access, abuse or damage during transfer out of KPM;
f. Only an account or email address allocated by the MOE may be used. Use of someone else's account or of shared accounts is prohibited; and
g. Information involved in internal transaction lines needs to be protected from fraudulent activity, contract disputes and disclosure, as well as unauthorized modification.

Action on trigger: 3) File document negligence

Responsibility: Office administrator, Store file security management, ICT network administrator

Response Plan: Selection, use and management of filing documentation set by the Malaysia Regulatory & Compliance:

a. The importance of shredding sensitive documents cannot be emphasized enough. They should be shredded and disposed of.
b. Identify sensitive documents and limit file access to selected superiors only.
c. Fill in the usage form every time a file document is taken out.
d. All staff are required to attend a seminar on security documentation.
e. Keep file documents in a lockable drawer, cabinet or storage room.
f. All bookkeeping records must have a duplicate.
g. Enforce the use of access cards for entry and exit.

Action on trigger: 4) Misunderstanding of established legislation and regulations

Responsibility: Human Resource Management

Response Plan: Below is the response plan for human resources:

a. Ensure users, as well as interested third parties, manage ICT asset security based on the laws and regulations set by the MOE;
b. Ensure awareness training and training related to ICT asset security management are given continuously to MOE ICT users in performing their duties and responsibilities, and, if necessary, to interested third parties from time to time;
c. Ensure there is a process of disciplinary and/or legal action against MOE officers and staff, as well as interested third parties, in the event of a violation of the legislation and regulations put in place by KPM; and
d. Strengthen knowledge related to the use of ICT assets to ensure each ICT facility is used in the right way and by the right method in order to safeguard ICT security interests. For any technical courses and training required, users can refer to Human Resource Management, KPM.
