Page 63 - Microsoft Word - MoHR-ISP-D4-Final ISP-EXECUTIVE SUMMARY-v1.0
P. 63
MINISTRY OF HUMAN RESOURCES (MoHR)
ICT STRATEGIC PLAN 2014 - 2018
12.12 INITIATIVE 2.6 - ICT Security Audit & ICT Security
Strengthening
As the technology progresses and computers are all interlinked and
connected similar to the banking industry, the security threat is
becoming of a paramount importance to ensure the security of the
Government Data is not compromised. It is recommended that regular
ICT Security Audit to be embraced and executed by specialised ICT
Security Professionals. In addition, ICT Security intrusion detection,
mobility management, antivirus and desktop management, mobile
devices security to be hardened and strengthen. Typically, the outcome
from the ICT Security Audit will identify potential vulnerability and
threats that would require remedies and preventive measures. There are
many types of security hardening tools hardware and software and also
ICT Security Monitoring Solutions that will be overseeing the security
threats. The importance of addressing the ICT Security shall be
addressed holistically and has to comply to ICT Security Guidelines by
MAMPU as well as to adhere to the proposed ICT Organisation Structure
that is dedicated to manage the entire process of audit, intrusion
detection, identity management, risk management, etc.
The following descriptions shall serve as a basic guideline with respect to
the ICT Security Audit. There are seven (7) areas to performed security
audit:
1) Physical Security
2) Network Security
3) Protocol / Services
4) User Security
5) Data Storage Security
6) Passwords
7) System Administration
ISP EXECUTIVE SUMMARY v1.0
52