The purpose of this project is to investigate and resolve problems related to the implementation of the security policy in Marang District Council. Furthermore, the ICT Security Policy System is to be designed and developed in order to assist the Information Technology Department (BTM). In addition, these documents must be compliant with the ISO 27001 standard and the Information Technology Security and Communication Policies for the Public Sector developed by MAMPU. The ICT Security Policy System is a web-based system. All results are presented and discussed.
ICT Security Policy is a common topic that is being discussed in the public sector, because security incidents happen to organizations that offer online services to the public.
These problems or incidents are also affecting the IT Department (BTM) at Marang District Council (MDM), as we also provide computer and internet facilities to our users. Based on the research findings, including inputs gathered from the respondents from Marang District Council, these problems can be reduced by providing a computerized ICT Policy document guideline, creating user awareness programs and by enforcing these ICT Policies.
Table of Contents
1 Introduction
1.1 Problem Statement
2 Project Goals
2.1 Project Objectives
2.2 Project Scope
3 Literature review
3.1 Issues Raised
4 Methodology
5 System Design
5.1 Database Design
5.2 Program Code
6 Benefits of the System
6.1 General Benefits of MDM and Local Authorities
7 Conclusion
Project Goals and Scope
The primary objective of this project is to develop and implement a web-based ICT Security Policy system for the Marang District Council (MDM). By providing a centralized, computerized guideline and enforcement tool, the project aims to resolve existing security management challenges and ensure compliance with established government standards and ISO 27001 requirements.
- Development of a web-based ICT security compliance system.
- Alignment with ISO 27001 standards and MAMPU guidelines.
- Automation of ICT security policy documentation and management processes.
- Improvement of security awareness and incident mitigation for the IT Department (BTM).
- Support for management in tracking policy implementation stages.
Excerpt from the Book
1 Introduction
The rapid development of Information Technology in this country proves how fortunate our generation is nowadays. As a result, we have a world without boundaries. Information, Communication and Technology (ICT) does not only serve as a communication agent; it also acts as a bridge for users to benefit as part of the routine and the necessities of life.
The security of ICT is closely related to ICT assets and information protection [11], [8]. This is because the hardware equipment and software components that are part of the ICT assets in government organisations are large investments and need to be protected [1], [14]. In addition, the information stored in the ICT system is valuable because a lot of resources are required to produce it and the information will be difficult to regenerate in a short period of time.
Furthermore, certain information that has been processed by the ICT system is deemed to be sensitive and classified. Unauthorized disclosure or information leakage could harm the national interest. Any usage of the government’s ICT assets apart from the outlined purpose and intention is considered misuse of the government’s resources. An ISMS survey conducted by CyberSecurity Malaysia in October 2011 on 100 organizations revealed that the normal attacks are viruses (87%) and mail spamming (83%). In addition, more than 68% of the organizations have little knowledge of ISMS. Moreover, 37% of the organizations do not have any security policy at all [10].
From time to time, in order to address these risks, the Government’s ICT Security Policy will be consistently defined through ICT Security Standards, which cover guidelines and ICT security measures [4]. The usage of all these documents as an integrated whole is recommended. This is because the formulation of policies, standards, rules, outlines and security measures is oriented towards protecting the confidentiality of data, information and the conclusions that can be drawn from them.
Summary of Chapters
1 Introduction: Provides an overview of the importance of ICT security in modern government organizations and highlights the risks associated with inadequate security policies.
1.1 Problem Statement: Discusses the inherent difficulties in maintaining ICT security due to system complexity, vulnerabilities, and the need for standardized safety measures for all information assets.
2 Project Goals: Defines the core objective of implementing a system to help MDM achieve compliance with ISO 27001 and MAMPU standards.
2.1 Project Objectives: Outlines the specific steps to conduct research, build a prototype, and create security policy documentation.
2.2 Project Scope: Specifies the technical boundaries of the project, including the use of PHP and MySQL, and identifies the key personnel involved in the system.
3 Literature review: Reviews existing statistics on organizational ICT security awareness in Malaysia, highlighting the need for better enforcement.
3.1 Issues Raised: Details survey findings indicating a low level of ICT security awareness among many organizations.
4 Methodology: Explains the use of the Rapid Application Development (RAD) strategy to involve users in the system design and implementation process.
5 System Design: Presents the architectural overview and data flow of the web-based system, including user roles and administrative functions.
5.1 Database Design: Lists the essential data files used by the system to store policy information and user logs.
5.2 Program Code: Provides examples of the code used for policy compliance evaluation and reporting calculations.
6 Benefits of the System: Summarizes the advantages of the new system, such as accessibility, standardization, and improved monitoring of policy stages.
6.1 General Benefits of MDM and Local Authorities: Explains how the system can serve as a scalable model for other local authorities and improve compliance oversight.
7 Conclusion: Summarizes the strategic importance of the developed system in providing a framework for common security rules and governance within MDM.
Keywords
ICT Security Policy, Local Authorities, Marang District Council, ISO 27001, MAMPU, Information Security Management System, System Implementation, Rapid Application Development, PHP, MySQL, CyberSecurity, Data Confidentiality, Risk Management, Security Awareness, Web-based application
Frequently Asked Questions
What is the primary focus of this research?
The research focuses on addressing ICT security challenges at the Marang District Council (MDM) through the development and implementation of a centralized, web-based security policy system.
What are the central themes of the work?
The central themes include ICT security compliance, organizational information protection, adherence to ISO 27001 and MAMPU standards, and the role of system design in mitigating operational risks.
What is the main goal of the project?
The main goal is to help MDM comply with government ICT security directives by providing a system that assists in the preparation, management, and evaluation of security policy documents.
Which methodology was employed for development?
The project utilized the Rapid Application Development (RAD) methodology, which emphasizes user involvement throughout the analysis, design, and implementation phases to ensure system effectiveness.
What topics are covered in the main body of the document?
The main body covers the identification of ICT security issues, the definition of project scope and objectives, the technical design of the database and software, and the operational benefits for the MDM and local government authorities.
Which keywords best characterize this work?
Key terms include ICT Security Policy, ISO 27001, MAMPU, Rapid Application Development, MDM, system design, and information protection.
How does the system handle different user roles?
The system assigns permissions based on specific user groups, allowing IT Managers and administrators to control access, manage logins, and monitor policy implementation effectively.
What is the benefit of using a web-based approach for this policy system?
A web-based approach allows users to access the system from anywhere at any time, which improves reliability, deployment, and the efficiency of policy monitoring and updates.
In what way does the system help MDM comply with ISO 27001?
The system incorporates 11 domains of information management and circulars from MAMPU directly into its framework, ensuring that all policies stored are aligned with national security directives.
Can the results of this research be applied outside of the Marang District Council?
Yes, the development blueprint serves as a guideline and basis for other local authorities, facilitating broader adoption of standardized ICT security policies across Malaysia.
- Cite this work
- Mohd Farizul Mat Ghani (Author), 2015, System ICT Security Policy and the Implementation by Local Authorities in Malaysia, München, GRIN Verlag, https://www.grin.com/document/312614