Enterprises that have defined or reviewed their ICT security policy in the last 24 months (2015 and 2019)

The utilization of the Information and Communications Technology (ICT), such as the Internet and electronic mail (e-mail) has made communication nowadays easier, faster and has tremendously reduced the usage of paper. However, if the usage of internet is not properly managed, the possibility of confidential information leakage from the inside of the organization to other entities outside of the organization may occur. The impacts of this malicious activity are beyond the boundaries and cannot be controlled despite implementing various preventive steps and enforcing various regulations. Previous studies have outlined different factors in influencing information leakages in various organizations. However, none had really identified the severity of the factors up to this day. This research hopes to fill this gap, by focusing on staff in Majlis Perbandaran Pasir Gudang (MPPG), Johor, Malaysia. This study covers factors related to human behaviour which have led towards the cases of information breach. The factors include the lack of understanding of information policy, the lack of training, poor management support and the insensitivity of the staffs toward safeguarding the information from falling to the wrong hands. Thus, it is suggested that the ICT security protection needs to be robust, secure and reliable so that the use of the internet or social media will not only enhance the communication efficiency, but also to ensure that the information security in an organization is at the most optimum level.

Download Full-text

ICT Security Policy in a Higher Education Institution in Malaysia

Handbook of Research on Information Communication Technology Policy ◽

10.4018/978-1-61520-847-0.ch021 ◽

2011 ◽

pp. 354-372 ◽

Cited By ~ 1

Author(s):

Fardzah Sulaiman ◽

T. Ramayah ◽

Azizah Omar

Keyword(s):

Higher Education ◽

Security Policy ◽

Education Institution ◽

Policy Formulation ◽

Higher Education Institution ◽

Institutions Of Higher Learning ◽

Policy Guideline ◽

Information And Communication ◽

Ict Security ◽

University Science

Information and communication technology (ICT) is an important strategic and essential functional requirement for many institutions of higher learning. In the developing world, ICT is achieving breakthrough in management and teaching through online learning, which helps to cater for the increasing student population. However, the security of the information being processed stored and exchanged is a growing concern to the management as the dependence on ICT for most of the institutions’ core services functions are increasing. This chapter discusses the current state of ICT security policy practices in University Science of Malaysia (USM); one of the Higher Education Institution in Malaysia. USM has been granted accelerated programme for excellence (APEX) status due to the mission of readiness, transformation plan and preparedness to change and transform it into Malaysia‘s first world-class university. The discussion encapsulates the problems, consequences of ICT risks and ICT awareness. Furthermore, it highlights the ICT policy guideline, ICT security policy formulation, ICT security management safeguards, principles and ICT security and adherence compliance plan.

Download Full-text

ICT Security Policy

Handbook of Research on Information Communication Technology Policy ◽

10.4018/978-1-61520-847-0.ch020 ◽

2011 ◽

pp. 337-353

Author(s):

Lawan A. Mohammed

Keyword(s):

Security Policy ◽

Computer Crime ◽

Security Policies ◽

Security Challenges ◽

Ict Security

Computer crime is now becoming a major international problem, with continual increases in incidents of cracking, hacking, viruses, worms, bacteria and the like having been reported in recent years. As a result of this massive vulnerabilities and new intrusion techniques, the rate of computer crime has accelerated beyond imagination. It is therefore vital to find policy of reducing and controlling the risk associated with such activities. However, unless the security challenges and countermeasures are well understood, the policy may not yield any fruitful results. This chapter discusses different categories of computer crime for the benefit of individuals and organizations concern with combating the problem. The chapter also discuses some security policies as means of limiting some of the vulnerabilities mentioned.

Download Full-text

CIVIL SERVANTS AWARENESS GUIDELINE TOWARDS COMPUTER SECURITY POLICY: A CASE STUDY AT THE MANPOWER DEPARTMENT, MINISTRY OF HUMAN RESOURCES

Asia-Pacific Journal of Information Technology and Multimedia ◽

10.17576/apjitm-2021-1001-08 ◽

2021 ◽

Vol 10 (01) ◽

pp. 86-99

Author(s):

Dalbir Singh

Keyword(s):

Public Sector ◽

Human Resources ◽

Computer Security ◽

Security Policy ◽

Security Policies ◽

Success Factor ◽

Successful Implementation ◽

The Public ◽

Ict Infrastructure ◽

Ict Security

ICT Security Policy includes information security-related policies, guidelines and best practices that are enforced in the Malaysian public sector. These policies are priority areas that contain guidelines for implementing ICT infrastructure in the public sector. However, there is a significant gap between these policies and awareness towards computer security policy among government servants in the public sector. Therefore a study involving government servants in the Manpower Department, Ministry of Human Resources was carried out to identify the critical success factor of these policies. The study was conducted through quantitative and qualitative methods. A survey was conducted to measure the level of awareness among government servants in agencies against computer security policies. Flaw factors in computer security policy implementation were discussed to obtain strategies to ensure the successful implementation of computer security policies in an agency. The significant factors leading to a successful implementation of computer security policy at the governmental agencies were validated by experts. As a result, a guideline has been prepared to be applied as an improvement proposal to increase the awareness of government servants on ICT security policy in the agencies.

Download Full-text

AWARENESS OF ICT SECURITY POLICY TO ENSURE DATA PROTECTION IN FORESTRY DEPARTMENT PENINSULAR MALAYSIA

Journal of Science, Technology and Innovation Policy ◽

10.11113/jostip.v7n2.93 ◽

2021 ◽

Vol 7 (2) ◽

pp. 65-74

Author(s):

Reanee Lee ◽

Ain Suzana Ariffin

Keyword(s):

Information Security ◽

Security Policy ◽

Service Providers ◽

Public Awareness ◽

Peninsular Malaysia ◽

Primary Data ◽

Security Awareness ◽

Information Security Awareness ◽

Ict Security ◽

The Impact

The Forestry Department Peninsular Malaysia's (FDPM) ICT Security Policy was developed and implemented in 2012 and reviewed in 2015. This policy aims to take the lead in managing data, hardware, software, network, and ICT security under legal regulations. Amongst the department's responsibilities are to implement data confidentiality, integrity, and availability policies to ensure the continuity of activities and services while mitigating the impact of security incidents. Accidentally, on September 16, 2016, a fire broke out in the FDPM building, causing property damage and document destruction with an estimated loss of RM30 million. Currently, in Malaysia, cybercrime and government data intrusion has become increasingly difficult to combat. Raising public awareness, particularly among officers who serve as service providers and department employees, is therefore critical to address those issues. Therefore, the objectives of this research are to determine the level of awareness of FDPM employees regarding FDPM ICT Security Policy as well as to investigate the factors that influence information security awareness. Inputs from this study were derived from both primary and secondary sources to meet the objectives. Primary data was gathered through surveys where 130 questionnaires were distributed to FDPM headquarters employees at the management, professional, and support team levels. Meanwhile, secondary data was gathered from FDPM annual and management reports, statistical data, journals, reference documents, and the Internet. The findings were analyzed statistically using SPSS. The level of awareness has been determined and an appropriate criterion to improve the level of information security awareness among FDPM employees was recommended which may help for a better understanding of department culture and increase a higher level of security awareness among FDPM employees.

Download Full-text

Enterprises having a formally defined ICT security policy by size, 2015

OECD Digital Economy Outlook 2017 ◽

10.1787/9789264276284-graph123-en ◽

2017 ◽

Keyword(s):

Security Policy ◽

Ict Security

Download Full-text

Classified Information Protection in Poland

Safety & Defense ◽

10.37105/sd.61 ◽

2020 ◽

Vol 6 (1) ◽

pp. 48-62

Author(s):

Stanisław Topolewski

Keyword(s):

Security Policy ◽

State Level ◽

The State ◽

Security Measures ◽

Intelligence Services ◽

Sense Of Security ◽

The Government ◽

Criminal Groups ◽

The Stability ◽

Ict Security

Acquiring information that has an impact on a country's security, i.e. its independence, sovereignty and international position, by unauthorized persons, whether from another country's intelligence services or criminal groups, may have far-reaching consequences. Therefore, to preserve the stability of the state and give a sense of security to citizens, the most important task and duty of the government is to protect them. It can be provided by an efficiently functioning system that will guarantee restrictions on access to classified information, its proper processing, as well as the use of appropriate and sufficient physical and ICT security measures. For this reason, this system requires at the state level precisely defined rules and norms based on the law, defining the principles of creating classified information, how to protect it and sanctions that can be applied in the event of non-compliance. The protection of information having a significant impact on the functioning of the Polish state in each period of its existence was an important element of defense and security policy. with the restoration of independence, the protection of secrets took on special significance both for the country's existence and the foundations of its existence. It was realized that their disclosure could be fatal to its organization and functioning, as well as defense capabilities. The presented material presents the evolution of the protection of classified information in Poland, and its importance for the security and defense of the state by ensuring the effectiveness (concealing) of actions aimed at their implementation.

Download Full-text

ICT Security Policy

Cyber Crime ◽

10.4018/978-1-61350-323-2.ch501 ◽

2013 ◽

pp. 999-1015

Author(s):

Lawan A. Mohammed

Keyword(s):

Security Policy ◽

Computer Crime ◽

Security Policies ◽

Security Challenges ◽

Ict Security

Computer crime is now becoming a major international problem, with continual increases in incidents of cracking, hacking, viruses, worms, bacteria and the like having been reported in recent years. As a result of this massive vulnerabilities and new intrusion techniques, the rate of computer crime has accelerated beyond imagination. It is therefore vital to find policy of reducing and controlling the risk associated with such activities. However, unless the security challenges and countermeasures are well understood, the policy may not yield any fruitful results. This chapter discusses different categories of computer crime for the benefit of individuals and organizations concern with combating the problem. The chapter also discuses some security policies as means of limiting some of the vulnerabilities mentioned.

Download Full-text

A Framework for ICT Security Policy Management

Advances in IT Standards and Standardization Research - Frameworks for ICT Policy ◽

10.4018/978-1-61692-012-8.ch001 ◽

2010 ◽

pp. 1-14 ◽

Cited By ~ 3

Author(s):

Sitalakshmi Venkatraman

Keyword(s):

Information And Communication Technologies ◽

Security Policy ◽

Security Policies ◽

Policy Management ◽

Business Operations ◽

Information And Communication ◽

Policy Alignment ◽

Ict Infrastructure ◽

High Level ◽

Ict Security

Organisations around the world are increasingly relying on the potential of information and communication technologies (ICTs) for their business operations as well as competitiveness. Huge amounts of money and time are invested on ICT infrastructure as there exists a high level of business dependency on ICT. Hence, protecting the ICT resources using effective security policies is of utmost importance for the sustenance of organisations. With the recent exponential rise in ICT security threats witnessed worldwide, governments and businesses are trying to successfully develop ICT security policies for their internal and external operations. While ICT security best practices are quite similar globally, ICT security policy management is very much localised and specific to different business scenarios and applications. Moreover, ICT security policies in an organization keep evolving from time to time and more recently changes take place at a much faster pace. This situation warrants a pragmatic framework for the development and management of ICT security policies in an organisation. Much research has focused on formulating frameworks for ICT management in general and there is a paucity of guidelines in literature for ICT security policy management, in particular. This chapter explores ICT security management issues faced in different environments and proposes an integrated framework for managing ICT security policies in an iterative manner. The framework provides the flexibility and adaptability for different organisations to follow the guidelines effectively as it emphasises on policy alignment with business objectives. Since the framework underpins the continuous improvement philosophy, it caters to ICT security policy reform and implementations for the future as well.

Download Full-text