Published by kiko_reck, 2020-06-27 20:33:00

CompleteGroupAssignment


FACULTY OF INFORMATION MANAGEMENT
UNIVERSITI TEKNOLOGI MARA

BACHELOR OF INFORMATION SCIENCE (HONS)
INFORMATION SYSTEM MANAGEMENT

IMS656 (MANAGEMENT OF INFORMATION SYSTEMS DEPARTMENT)

TITLE:
MANAGEMENT OF INFORMATION SYSTEM DEPARTMENT AT CIAST

PREPARED BY:

SUZAINI BIN SUPINGAT
(2015378315)

MOHD KHAIRUL BIN NAZARUDDIN
(2015929603)

AWANGKU ARIFF SHAH EDZAN BIN AWANGKU AMIR AZAM
(2015982601)

PREPARED FOR:

MADAM NORAIZAN BT AMRAN

SUBMISSION DATE:

28 JUNE 2020

ACKNOWLEDGEMENT

First and foremost, thanks to Allah s.w.t. for making our journey to complete this assignment
go smoothly. Insha’Allah, we have tried our best to complete the assignment that was assigned
to our group within the time period given. While preparing this assignment, we realized that
our group assignment still needs improvement, and we also realize that this assignment is
still far from achieving the expectations of our helpful lecturer, Madam Noraizan bt Amran.
Therefore, we accept suggestions and criticism, especially from the readers of this
assignment, with an open heart. We will need a lot of guidance and assistance to make our
assignment a success with a good outcome. We are extremely thankful and indebted to Madam
Noraizan bt Amran for sharing her expertise, always guiding her students and giving
encouragement to us as students.

ABSTRACT

The purpose of this e-book is to encourage reading about the management of an information
system department. This e-book is important for improving students' knowledge and, at the
same time, exposing them to the management of an information system department. The control
of an information system department is studied when its manager has confidential information
about the department's vision, mission and objective, which may differ from those of another
department, section or division in the same organisation. With this review, students are able
to gain some knowledge about the management of an information system department and deepen
their understanding. This e-book is based on information obtained from individuals in the
organisation that we chose, which is CIAST, the Centre for Instructor and Advance Skills
Technology.

Contents
1. Organization Overview
i. Vision, Mission and Values
ii. Product and Services
iii. Organizational Structure & Departments
iv. Electronic Learning and Multimedia (PEM) Division/Program
2. Management of IT/IS Department Personnel (Human Resources)
i. Head of IT/IS Department Profile
ii. Positions & Job Descriptions in PEM division
iii. Staffing Process in PEM division
a. Recruitment
c. Performance Appraisal / Review
d. Promotion / Demotion
e. Retirement / Separation
iv. Training & Career Development Opportunities
v. System/Application/Tools to manage IT/ISD Personnel
3. Business Relationship
i. Stakeholders Management
ii. Communication Medium with Stakeholders
iii. System/Application/Tools to manage IT/ISD Stakeholders
4. IT/IS Department Infrastructure
i. Facilities
ii. ICT Equipment (main location)
iii. PEM unit and server room floor plan layout
iv. System/Application/Tools to manage IT/ISD Facilities/Equipment
5. Management of Software / Applications & Data Resources
i. Software / Application Description
ii. Data Storage
iii. Software & Data Maintenance
iv. System/Application/Tools to manage IT/ISD Software and Database
6. Management of Hardware Resources
i. Hardware Description
ii. Hardware Maintenance
iii. System/Application/Tools to manage IT/ISD Hardware Resources
7. Management of Telecommunication Resources
i. Types of Communication Network Used
ii. Intranet / Extranet / Internet
iii. Communication Medium / Applications Used (internal & external)
iv. System/Application/Tools to manage IT/ISD Telecommunication Resources
8. Management of Procedures & Documentation
i. Act & Legislation Referred
ii. Policies / Rules and Regulation
iii. Standard of Procedure (SOP) Used
9. IT / IS Department Service Desk
Conclusion
Appendices

1. Organization Overview

The Instructor Training and Advanced Skills Center (CIAST) is in Shah Alam, Selangor. CIAST
started its operations in 1983 with the financial support of the Japanese government as part
of the ASEAN Human Resource Development Project, and was organized through 1991 by
Japanese technical and administrative experts through JICA. From 1991 to May 2007 CIAST was
fully controlled by the Department of Labor, and in June 2007 it was transferred to the same
department under the control of the Department of Skills Development (DSD).

Figure 1: CIAST Logo

i. Vision, Mission and Values
a. Vision
Leading organizations in developing and empowering world-class educators in the
field of skills
b. Mission
Develop world-class educators who are knowledgeable, competent, disciplined and
responsive to environmental and technological change
c. Values
• To produce educators to meet the needs of national skills training institutions
• To continuously enhance the teaching staff in the field of skills and training
methodologies as the technology progresses
• Accredited educators and industry experts in accordance with the Malaysian
Skills Certification System
• Enhance skills training curriculum
• Strengthen international relations and training
• Strengthening information and communication technology infrastructure as
well as electronic and multimedia learning systems
• Provide a conducive and relevant training environment and facilities
• Foster good values, positive attitudes and a healthy work culture for
educators
ii. Product and Services

CIAST offers long-term courses such as the Vocational Training Officer (VTO) Certificate
Level 3, Vocational Trainer Advanced Diploma (DLPV) Level 5 (in the fields of Electronics,
Mechatronics, Production, Welding and Automotive Engineering) and Malaysian Skill
Certificate Level 3 + VTO (in the fields of Electronics, Mechatronics, Production, Welding,
Automotive Engineering, Computer Systems and Computer Networks). Apart from that,
CIAST also offers short-term courses in the technical field and courses related to teaching
skills, specifically in the vocational field. CIAST provides modular courses or short-term
courses to the public or industry players and instructors. In addition, it has an accreditation
system for industry experts with experience in vocational and technical skills.


iii. Organizational Structure & Departments

[Organization chart. Director: Ts. Dr. Mohamad bin Sulaiman. Positions under the Director:
Head of Administration and Human Resources Services; Head of Corporate; Deputy Director
(Training Management); Deputy Director (Planning & Development). Heads of Program: PPK,
SPD, PEM, KK and PPL.]

Figure 2: CIAST Organization Chart


iv. Electronic Learning and Multimedia (PEM) Division/Program

PEM (Program Pembelajaran Elektronik dan Multimedia), or the Electronic Learning and
Multimedia Division, is one of the operations support divisions in CIAST. The main
function of this division is to operate, manage and monitor every aspect related to
ICT hardware, software, system applications and networking at CIAST. This division is
separated into four units. Every unit is responsible for its respective jobs and functions.
HEAD OF DIVISION/UNIT
• NETWORK INFRASTRUCTURE & OPERATION UNIT
• SYSTEM INFRASTRUCTURE UNIT
• E-TRAINING EDUCATION UNIT
• ICT & AVA MAINTENANCE UNIT

Figure 3: PEM Organization Chart

Function and services of every unit

a. Network Infrastructure and Operation Unit
• Plans, manages, coordinates, monitors and organises LAN and WLAN network
systems and hardware including internet access.
• Plans, manages, coordinates, supervises and implements maintenance projects and
procurement for LAN and WAN network systems and hardware.
• Plans, manages, coordinates and supervises office automation maintenance and ICT
assets, and manages the procurement of consumables / computer spare parts and
the disposal of ICT assets.
• Plans, manages, coordinates and supervises photography, multimedia and AVA
works.

b. System Infrastructure Unit
• Plans, manages, coordinates and monitors the development/upgrading, integration
and operation of new and existing systems and the CIAST portal.
• Plans, manages, coordinates and monitors the procurement of ICT hardware and
disposal of ICT assets.

c. E-Training Education Unit
• Manages, coordinates and handles the implementation of Crash Courses,
Modular/Customized Program, Learning Management System trainer enhancement,
in-house courses, Effective Multimedia Development and VTO modules.
• Coordinates and monitors the implementation of the Department of Skill
Development e-Training Privatization Program Concession Project.

d. ICT & AVA Maintenance Unit
• Plans, manages, coordinates and monitors the maintenance of office automation
repairs and ICT hardware and manages the procurement of consumables/computer
spare parts
• Plans, manages, coordinates and monitors broadcasting (AVA), multimedia and
photography.


2. Management of IT/IS Department Personnel (Human Resources)
i. Head of IT/IS Department Profile
Madam Ainin Nisak binti Asnawi was appointed as the new Head of Program (PEM)
starting from March 2020. With a master’s degree in Electrical Engineering, she is
now leading the PEM program. Before she joined PEM, she was at the SPD unit as the
Senior Program Manager. Even though her background was not in Information
Technology or Information Systems, her previous job was related to Information
Technology. She has also taught in the IT field, specifically in database
management systems and server configuration. She likes challenges and hopes
that, with the support of her subordinates and the top management, she will make
the PEM division the best division in terms of IT and IS management to serve the
stakeholders of CIAST.

ii. Positions & Job Descriptions in PEM division

No | Position | Job Description
1 | Head of division Grade DV 52 | Responsible to the Director of the Institution for coordinating his/her activities at the national level at the Institution as specified.
2 | Head of Network Infrastructure and Operation Unit | Responsible to the head of division PEM for coordinating his/her activity in managing, planning, organizing, budgeting and decision-making regarding network infrastructure at CIAST.
3 | Head of System Infrastructure Unit | Responsible to the head of division PEM for coordinating his/her activity in managing, planning, organizing, budgeting and decision-making regarding system infrastructure at CIAST.
4 | Head of E-Training Education Unit | Responsible to the head of division PEM for coordinating his/her activity in managing, planning, organizing, budgeting and decision-making regarding E-Training at CIAST.
5 | Head of ICT & AVA Maintenance Unit | Responsible to the head of division PEM for coordinating his/her activity in managing, planning, organizing, budgeting and decision-making regarding ICT hardware and Audio Visual at CIAST.
6 | Information Technology Officer | Responsible for studying and analysing the suitability of existing computer systems and designing, developing, implementing, maintaining and reviewing data processing systems and information appropriate to departmental use.
7 | Vocational Training Officer | Responsible for teaching theory and practical, providing consulting services for students and outsiders, supervising student projects, conducting research, providing community and professional services, helping to develop student potential and personality, and managing academic/vocational related activities.
8 | Computer technician | Responsible for carrying out tasks including maintenance of computer systems, such as maintenance of IT equipment, as well as maintenance of computer applications and systems operation within an organization.

Figure 4: Position and job description table


iii. Staffing Process in PEM division
CIAST is a government organization, so its recruitment process is one hundred
percent managed by the Public Service Commission. Formally, the Public Service
Commission was formed as provided in Article 144 (1). The following are the
provisions of Article 144 (1) of the Federal Constitution: Subject to the provisions of
any applicable law and to the provisions of this Constitution, it shall be the duty of a
Commission intended by this Part to appoint, endorse, enter into permanent or
pensionable posts, promote the transfer and exercise of disciplinary control over its
members for services covered by its jurisdiction.

a. Recruitment
Recruitment of government staff uses profiling-based recruitment
(MyRecruitment). The profiling method (MyRecruitment) is a transformation of the
recruitment method implemented by the Public Service Commission (SPA).
MyRecruitment aims to find candidates who have the right profile in terms of
personality, interests, attitudes, intelligence and skills. The match between
personality, job and job type is important to ensure job satisfaction, job
motivation and high productivity.
Under MyRecruitment, candidates have to go through four (4) screening
processes before being offered a position: initial screening, examination,
competency assessment and interviews. The filtering process in MyRecruitment is
structured as follows:

(i) Initial Filters
Candidates who register online with the SPA will be shortlisted if they meet the
requirements of the service scheme for the position they are applying for.

(ii) Examination
Candidates who have passed the initial screening will be required to sit for the
examination to assess general knowledge, knowledge of applied fields, problem
solving skills and language skills. In addition to this examination, personality
and interest tests are also conducted.

(iii) Competency Assessment
Candidates who have successfully passed the exam filter will go through this
session. This session aims to measure the competencies of the candidates in the
Attitude-Skill-Knowledge (ASK) aspect of the job and the job application.
Candidates will be evaluated in terms of communication skills in Malay and English
or other languages required, as well as on the necessary competencies such as
commitment, discipline, teamwork and others.

(iv) Interviews
This session aims to evaluate the suitability and character of the candidates for the
needs of an agency. This session will validate the assessment made at the
competency assessment stage.

b. Selection
Input: candidates who have passed the initial filtering
Process:
1. Examination (psychological and aptitude test)
2. Competency test (written, physical and activity)
3. Interviewing session
Output: ideal officers/candidates

Ideal officers / candidates have the following features:
i. Personality & related interests
ii. Appropriate academic qualifications
iii. Skill
iv. Suitable for tasks

Figure 5: Flow Chart for selection process


c. Performance Appraisal / Review
The performance of government servants working in any government department or
organization is measured based on the Annual Work Target (SKT) and the Key
Performance Index (KPI). SKT is an annual job action plan that needs to be
implemented at the Department / Division / Branch / Unit level in line with the
Organization's Annual Work Plan. The main activities / projects to be undertaken
by the officers for the year are evaluated in accordance with the Annual Plan of
the Organization. SKT is now one of the modules integrated with the Human
Resources Management Information System (HRMIS).

• The importance of SKT
i. Annual Work Targets (SKT) are important in assisting Appraisers in
evaluating PYD work
ii. SKT provides an accurate picture of the level of achievement of PYD work
iii. Proper provision of SKT enables the evaluation of the performance of the
officers in an objective, fair and transparent manner
iv. Performance contract agreed between PYD and the Assessing Officer

• Key Performance Index
Key Performance Indicators (KPIs) are related to the performance of an
organization, and are, in fact, indicators of each organization's performance
over a given period of time. The Government has promoted a performance-
based work culture using key performance indicators (KPIs) implemented in
the public service to improve the quality of service delivery. In line with vision,
mission and function of the agencies, each organization needs to measure the
performance of the services provided to ensure that all services are delivered
properly to customers. This indirectly provides a clear picture of the overall
performance of the organization. The list of projects / activities must be in
accordance with the Annual Work Plan; Activity / Project for service group must
be appropriate to the roles and responsibilities of the service group.


• Performance Indicator
Performance indicators refer to quality, quantity, time and cost. Each of the
assigned activities / projects must have at least one performance indicator.
Some of the performance indicators that can be used are as follows:
i. number
ii. duration over time target
iii. the total cost of a project
iv. percent
v. average
vi. project specification standards
Another method/tool that can be used as a performance indicator is the SMART
goal concept.

Figure 6: SMART Goal approach

• Source of SKT Provisioning for government servants
i. Directions of the Minister / Chief Minister / Government
ii. High Management / KPI directives assigned to the Head of Department
iii. Charter
iv. Individual Tasks List
v. Department Strategic Plan
vi. MY Portfolio
vii. State / Malaysia Plan

d. Promotion / Demotion
Promotion of a government servant is based on merit. In considering the merit of
an officer for promotion, the promotion board should take into account:
i. Efficiency and performance of the employee
ii. Qualifications, skills, knowledge and experience of the officer
iii. Personal traits include its suitability for the promotion, integrity, potential,
and leadership of the employee.
iv. External activity and contribution of the officer to the community and the
country.

Terms of Promotion
The terms of promotion prescribed are as follows:

i. Verified in service;
ii. Achieve a specified level of performance;
iii. Exceed the assessment of the specified efficiency level;
iv. Verified by the Head of Department / Head of Service;
v. Free from disciplinary punishment;
vi. Has declared the property;
vii. Pass the integrity check of the Malaysian Anti-Corruption Commission
(MACC);
viii. Be exempted from being listed as a hardcore education borrower from
educational loan institutions; and
ix. Such other conditions as the Board may determine.

e. Retirement / Separation
The mandatory retirement age (full age) of a civil service member is 55/56/58 or
60 years subject to the retirement age of the selected member.

iv. Training & Career Development Opportunities
To enhance the working skills of civil servants, various courses and training are
provided by the government and the private sector. Applicable courses and training:
The Cross-Fertilization Program (CFP) has been and will continue to be one of the
government's strategic initiatives to develop the best talent in the public sector. The
initiative will provide opportunities for employees to gain new knowledge, skills and
experience through temporary placements to other organizations in the public and
private sectors.

v. System/Application/Tools to manage IT/ISD Personnel
The Human Resources Management Information System (HRMIS) is a one-stop
application system developed specifically to facilitate human resource management
processes in all public agencies throughout Malaysia. HRMIS was developed
taking into account all HR processes and functions from start to finish. All
employee-related records throughout the service are digitally recorded and stored.
The objectives of the HRMIS system are:
i. Workforce planning and effective public service size determination
ii. Automate the human resource management process
iii. Develop an integrated and updated information system
iv. Facilitate communication and integration through a single window concept
v. Contributes to the paperless environment
vi. Information that meets the needs of various levels of management

Figure 7: HRMIS System


3. Business Relationship
i. Stakeholders Management
Stakeholder management ensures that stakeholders are appropriately involved
in all aspects of the project, program or portfolio. The aims are:
• ensuring that the views and attitudes of all stakeholders are understood;
• influencing stakeholders to support work wherever possible;
• maximizing the impact of stakeholder support;
• minimizing impacts that do not support stakeholders.
Stakeholders are individuals or groups who have an interest in a project, program or
portfolio because they are involved in the work or are influenced by its outcomes. Most
projects, programs and portfolios have one type of stakeholder with differences and
sometimes competition. Individuals and groups have a significant influence on the
success or failure of the work. The CIAST stakeholders are as follows:
a. Internal stakeholders
- CIAST Director
- CIAST Deputy Director
- CIAST Head of Program
- Head of unit coordinator
- CIAST staff
b. External stakeholders
- Full time student
- Short courses participant
- International participant
- Various government agencies
- Various private agencies
- Supplier

ii. Communication Medium with Stakeholders
Communication among staff, heads of program and top management is the key
to delivering information for better understanding and for building respect and trust.
It also helps to resolve differences and to stimulate a better environment where problem
solving, creative ideas, caring and affection can take place. Communication between
stakeholders is very important. These people need to communicate with each other in the
department or unit to make decisions, plan and solve problems for the sake of their
department. The communication methods that CIAST and its stakeholders use are meetings,
monthly reports, memos, email, phone calls, video conferences and messages. Other than
that, they also use the WhatsApp and Telegram apps as their medium for communication.
iii. System/Application/Tools to manage IT/ISD Stakeholders
The application or tool that PEM uses to manage stakeholder information is
automatic and manual reporting. For automatic reporting, PEM uses automated
actions such as the send email action, web browser action and Excel/ODS action.
With automation, it is easy to manipulate stakeholder data and to automate
reporting across the organisation. Meanwhile, PEM still uses manual reporting
for collecting and manipulating stakeholder information and data.

4. IT/IS Department Infrastructure
i. Facilities
PEM is the unit responsible for ICT asset management at CIAST, covering hardware,
software, systems and telecommunication. Many ICT facilities are provided and
maintained by PEM. As mentioned earlier, PEM has four units with different job scopes,
mainly for hardware, software and systems, networking, and audio video equipment
and facilities. The facilities under PEM asset management are:
a. Server room
b. PC maintenance room
c. Online and offline broadcasting studio
d. ICT Equipment store
e. Computer lab
f. Smart classroom
g. Gigabit Networking facilities
h. WIFI facilities


ii. ICT Equipment (main location)

No | Location | Equipment | Quantity
1 | Server Room | Server rack | 10 unit
  |  | Firewall | 1 unit
  |  | Network load balancer | 1 unit
  |  | Core switch | 4 unit
  |  | Distribution switch | 6 unit
  |  | Physical server | 11 unit
  |  | Virtual server | 6 unit
  |  | Remote terminal unit | 3 unit
  |  | Router | 4 unit
  |  | Redundant power supply | 10 unit
  |  | Network Attached Storage | 5 unit
2 | PC maintenance room | Personal Computer | 5 unit
  |  | Notebook | 5 unit
  |  | Printer | 2 unit
  |  | Fault diagnostic devices | 4 unit
  |  | Maintenance and repair tools | 4 set
  |  | WIFI router | 1 unit
3 | Online and offline broadcasting studio | Digital Video Camera | 4 unit
  |  | Digital Camera | 5 unit
  |  | Audio mixer | 2 unit
  |  | Video mixer | 2 unit
  |  | Video and audio editing equipment | 2 unit
  |  | Lighting system | 6 unit
  |  | Editing computer | 3 unit
  |  | Network Attached Storage (NAS) | 2 unit

Figure 8: Equipment list table


iii. PEM unit and server room floor plan layout

Figure 9: PEM unit office layout and server room
The PEM server room has been designed with redundant, dual-powered instances of
servers, storage, network links and power cooling equipment. The cooling equipment
runs continuously, 24 hours a day, 7 days a week, 365 days a year. The server room is
also equipped with a raised floor system, server cabinet system, gigabit network and
security system. Distribution paths are physically isolated from one another and are
often referred to as “compartmentalized” distribution paths, preventing harm from a
single event that may take place on site. Twelve hours of on-site fuel storage is ready
for use when needed.
iv. System/Application/Tools to manage IT/ISD Facilities/Equipment
Cisco UCS is Cisco's product for the server market, alongside other vendors such as
IBM and HP. Cisco UCS provides centralized management, in the sense that all
physical components (hard disks, network interfaces, etc.) on the UCS chassis can
be managed by the UCS Manager. Cisco UCS combines compute, data network
access and storage network access into a centralized management set, so all of the
things mentioned earlier can be controlled through the UCS Manager. There are
several important components of UCS, including:
a. Cisco UCS Fabric Interconnect
The Cisco UCS 6200 Series Fabric Interconnect (FI) provides network
connections, management and components for the UCS Server. It can be set up
in two modes, standalone or cluster; Cisco recommends a cluster so that
management is easier later.
b. Cisco UCS Fabric Extender
Cisco UCS 2200 Series Fabric Extenders are also called I/O modules. A Fabric
Extender functions as an extender / "manager" port of the Fabric Interconnect,
which can later be used for Ethernet, FCoE and management.
c. Cisco UCS 5100 Series Blade Server Chassis
This functions as the "container" for each server.
d. Cisco UCS B-Series Blade Servers
This is like a kind of hard disk that is the "space" storage server.
e. Cisco UCS B-Series Network Adapters
- Ethernet adapters
- Converged network adapters
- Virtual interface cards
f. Cisco UCS Manager
The Cisco UCS Manager is embedded in the physical fabric interconnects. There are
two ways to access the UCS Manager: directly through the web-based interface or by
running the application. Java must be installed first to run the application.
g. Cisco UCS C-Series Rack-Mount Servers
This can also be called an extender of the UCS system. It can join the
existing UCS system or be used standalone, in contrast to the B-Series,
which must connect to its parent.

Figure 10: Cisco UCS Login interface


5. Management of Software / Applications & Data Resources
i. Software / Application Description
The PEM unit has developed in-house information system management applications
for CIAST internal usage.
a. Seminar/Course system (SISEM)
SISEM is an online system that was developed by PEM. The purpose of SISEM
is to facilitate the production of reports on seminars / courses conducted at CIAST
for top management monitoring. The modules available in SISEM are the Course
Registration Module, Participant Registration Module and Course Report Module.
The advantages of using SISEM are:
i. Data is managed centrally within the organization
ii. Seminar/Course reports are automatically generated
iii. Attendance monitoring of participants is easily shared by the seminar / course
secretariat.
iv. Easily accessible 24 hours online

Figure 11: SISEM login interface

b. E-Budget Application
The e-Budget application went into effect on August 16, 2012 through the Billing
Management Instructions 5th of 2012. It is a web-based electronic financial
information management system for the systematic monitoring of financial
information. User categories are system administrators, heads of program,
procurement officers, account managers and petitioners. The types of financial
information that can be systematically monitored by section / program are as
follows:
i. Preparation of annual budget projections
ii. Considering the annual budget
iii. Request for allocation to Headquarters
iv. Receiving the allotment warrant
v. Managing distribution of allocation
vi. Manage procurement applications


vii. Monitoring of revenue management
viii. Preparing expense performance reports
ix. Application for overtime allowance, travel allowance and speaker allowance

Figure 12: E-Bajet login interface

Figure 13: E-Bajet interface


ii. Data Storage
Data storage inside the servers uses SAS SSDs with a capacity of 2.4TB. Every server
is fitted with six hot-plug SAS SSD units. Why use SAS? SAS is the new generation of
SCSI technology. It is similar to the popular Serial ATA (SATA) hard drive. It uses
serial technology to achieve higher transmission speeds and frees up internal space by
shortening connection channels. SAS is a new interface developed after the parallel
SCSI interface. These interfaces are designed to improve the performance, availability
and accessibility of storage systems and provide compatibility with Serial ATA (SATA)
hard drives.
What is SSD? An SSD (Solid State Drive) is a data storage device that uses a
series of ICs as memory to store data or information. SSD devices embed
silicon-based memory chips as storage media for writing and reading persistent
data. SSDs, also known as flash drives or flash cards, are inserted into slots on server
computers (referred to as server-side flash storage) or used as part of various corporate
flash storage systems. As an analogy, we may be familiar with USB flash drives,
USB thumb drives or USB memory sticks: an electronic device that we use to store
data, often carry around, and plug into the computer's USB port when we want to
retrieve or store data.

iii. Software & Data Maintenance
Basically, PEM software developers use two types of software: proprietary
software and open source software. For the development of most information
system applications, however, the developers usually use open source software such
as the Yii PHP Framework. For data management, the developers use MySQL and other
related data management tools such as MariaDB.

iv. System/Application/Tools to manage IT/ISD Software and Database
Replication is a technique for copying and distributing data and database objects from
one database to another and synchronizing the databases so that data
consistency can be guaranteed. Database replication can be used if an organization
is supported by hardware and software applications in a distributed system through
local or internet network connections. Different applications have different
requirements for data autonomy and consistency, and users can work on a copy of the
data while they are not connected and then make changes to create a new database
when connected. VMware Workstation and Ubuntu Server 14.0 are used; they provide
network simulation facilities between PCs even when no network card, hub or switch
is installed. Using VMware Workstation and Ubuntu Server, the Database Replication
System will also be built. By utilizing the database replication system, each client
or user can share a database that is replicated from the server, so that any changes
from the server or client side can be directly stored on the entire system.

6. Management of Hardware Resources
i. Hardware Description
a. Categories of Computer
a. Personal Computer
b. Notebook
c. Workstation
d. Server
b. Input Devices
e. Scanner
f. USB Web Camera
g. Keyboard
h. Mouse
i. OCR Reader
j. Bar Code Reader
k. Digitizer
c. Output Devices
l. Monitor
m. Printer
n. LCD Projector
d. Storage Devices
o. NAS (Network Attached Device)
p. Cloud storage
e. Network & Telecommunication Devices
q. Router
r. Network switch
s. Firewall
t. Core switch
u. WIFI Access point
v. Fiber optic backbone
w. Ethernet
x. Internet


ii. Hardware Maintenance
Hardware should be properly maintained to ensure availability and integrity.
a. All hardware must be maintained in accordance with the specifications set
by the manufacturer;
b. Hardware may be maintained only by staff or authorized persons;
c. All equipment should be checked and tested before and after the
maintenance process.

iii. System/Application/Tools to manage IT/ISD Hardware Resources
e-Maintenance is an application developed to receive and monitor maintenance and
repair requests from CIAST staff. Maintenance and repair requests cover all
aspects such as infrastructure, assets, online applications, facilities and services
offered by CIAST. Every request submitted is routed to the responsible
party based on the categories and subcategories selected by the applicant.

Figure 15 : E-Selenggara interface


7. Management of Telecommunication Resources
i. Types of Communication Network Used
For networking, CIAST uses a star network topology. The core switch is
connected by fiber optic cable to the distribution switches, and the distribution
switches are connected to the access switches by Gigabit Ethernet LAN links.

Figure 16: Typical CIAST network design
ii. Intranet / Extranet / Internet

CIAST's main internet connection is through the Government Integrated
Telecommunication Network (MyGov*Net). MyGov*Net provides network infrastructure
for Ministries, Departments or Federal Government Agencies and Federal Statutory
Bodies under the Ministry's remuneration. MyGov*Net is an initiative designed to
support the Government's service delivery system, offering a range of services to
enable access to Electronic Government applications, agency internal / Intranet
applications and the Internet.
iii. Communication Medium / Applications Used (internal & external)

• Webmail
• CIAST website
• CIAST official Facebook page
• Phone
• Video Conference


iv. System/Application/Tools to manage IT/ISD Telecommunication Resources
CIAST uses MyGovUC, an integrated communications and collaboration service that
is centrally managed at MAMPU. The service integrates email communication
channels, video and audio conferencing, instant messaging and an Identity
Management System. In addition, the service provides information sharing through
the Collaborative Portal and public information through the MyGovUC Portal.
MyGovUC is implemented as a cost-saving measure through collaboratively
integrated communications, where all of the public sector in Malaysia can
connect and succeed on a project through the communication system offered by
MyGovUC.

Figure 17: MyGovUC services


8. Management of Procedures & Documentation
i. Act & Legislation Referred
a. Malaysian Communications and Multimedia Commission Act 1998 [Act 589]
b. Computer Crimes Act 1997, Electronic Trade Act 2006
c. Personal Data Protection Act 2010
d. Consumer Protection Act 1999 (Amendment 2010).
ii. Policies / Rules and Regulation

No. | Circular | Description
1 | Pekeliling Am Bil. 2 Tahun 2006 (13 November 2006) | Pengukuhan Tadbir Urus Jawatankuasa IT dan Internet Kerajaan
2 | Pekeliling Am Bil. 1 Tahun 2006 (6 November 2006) | Pengurusan Laman Web/Portal Sektor Awam
3 | Pekeliling Am Bil. 1 Tahun 2001 (4 April 2001) | Mekanisme Pelaporan Insiden Keselamatan Teknologi Maklumat dan Komunikasi (ICT)
4 | Pekeliling Am Bil. 3 Tahun 2000 (1 October 2000) | Rangka Dasar Keselamatan Teknologi Maklumat dan Komunikasi Kerajaan
5 | Pekeliling Am Bil. 1 Tahun 2000 (30 May 2000) | Garis Panduan Malaysian Civil Service Link (MCSL) Dan Laman Web Agensi Kerajaan
6 | Pekeliling Am Bil. 6 Tahun 1999 (15 December 2009) | Pelaksanaan Perkongsian Pintar Antara Agensi-Agensi Kerajaan Dalam Bidang Teknologi Maklumat
7 | Pekeliling Am Bil. 2 Tahun 1999 (1 April 1999) | Jawatankuasa IT dan Internet Kerajaan (JITIK)
8 | Pekeliling Kemajuan Pentadbiran Awam Bil. 1 Tahun 2003 (28 November 2003) | Garis Panduan Mengenai Tatacara Penggunaan Internet & Mel Elektronik Di Agensi-agensi Kerajaan
9 | Surat Pekeliling Am Bil. 3 Tahun 2009 (17 November 2009) | Garis Panduan Penilaian Tahap Keselamatan Rangkaian Dan Sistem ICT Sektor Awam
10 | Surat Pekeliling Am Bil. 1 Tahun 2009 (30 April 2009) | Garis Panduan Mengenai Tatacara Memohon Kelulusan Teknikal Projek ICT Agensi Kerajaan
11 | Surat Pekeliling Am Bil. 4 Tahun 2006 (9 November 2006) | Pengurusan Pengendalian Insiden Keselamatan Teknologi Maklumat (ICT) Sektor Awam
12 | Surat Pekeliling Am Bil. 6 Tahun 2005 (7 November 2005) | Garis Panduan Penilaian Risiko Keselamatan Maklumat Sektor Awam
13 | Surat Pekeliling Am Bil. 4 Tahun 2004 (20 August 2004) | Garis Panduan Mengenai Tatacara Memohon Kelulusan Teknikal Projek ICT Agensi Kerajaan
14 | Surat Pekeliling Am Bil. 2 Tahun 2000 (20 December 2000) | Peranan Jawatankuasa-jawatankuasa di bawah
15 | 15 January 2002 | Malaysian Public Sector Management of Information and Communication Technology Security Handbook (MyMIS)
16 | 2 April 2009 | Dasar Keselamatan ICT (DKICT) MAMPU versi 5.2
17 | 2007 | Arahan Teknologi Maklumat dan Akta Aktiviti Kerajaan Elektronik (Akta 680)
18 | 21 August 2003 | Pelan Strategik ICT (ISP) Sektor Awam
19 | August 2003 | The Malaysian Government Interoperability Framework for Open Source Software (MyGIFOSS)
20 | October 2006 | Garis Panduan IT Outsourcing

iii. Standard of Procedure (SOP) Used
a. Dasar Keselamatan ICT CIAST
b. CIAST ICT Policies

9. IT / IS Department Service Desk
A service desk, in the context of IT, is a department or unit within the organization
responsible for answering the technical questions of its users. Most leading IT
companies have set up help desks to answer questions from their customers. Questions
and answers are usually exchanged via email, phone, website, or online chat.
In addition, there is the internal help desk, which aims to offer similar forms of
assistance, but only to employees of the organization.

In providing help desk services, CIAST has set the following quality objectives: -

i. Resolve technical issues related to ICT received within seven (7) working days
provided that the required hardware and equipment is available and usable.

ii. Provide technical troubleshooting reports related to computer network service
and submitted to the customer within thirty (30) working days after the request is
received provided that all necessary information has been provided by the
customer.

iii. All applications will be recorded in the help desk / logbook and the person
handling the application will be appointed within twenty-four (24) working hours
from the time the application is received.

iv. The help desk services include the following: -
• ICT Equipment Repair Service
• ICT Network Repair Service
• Application System Repair Service


Conclusion
In conclusion, CIAST is one of the leading government organizations in producing
competent technical and vocational instructors in selected areas. PEM, the Electronic
Learning and Multimedia unit, is responsible for carrying out all ICT-related matters.
Some information system software related to budgeting and ICT maintenance was
developed in-house. PEM has various positions related to ICT and IS management to
make sure CIAST is ready for operation. For managing human resources, CIAST uses the
HRMIS system. This centralized system is a one-stop application for managing
staff. As a government organization, CIAST follows all the acts and legislation provided
by the government.


References
DKICT CIAST. (n.d.). Ciast. Retrieved June 17, 2020, from https://www.ciast.gov.my/wp-content/uploads/2018/10/DKICT-CIAST-FINALIZE.pdf
Public Sector ICT Policies and Guidelines. (n.d.). Retrieved June 16, 2020, from https://www.malaysia.gov.my/portal/content/30074?language=my
CIAST Organisation Information. (n.d.). Retrieved June 16, 2020, from http://www.ciast.gov.my/
Gupta, R. C., & Jain, T. C. (2009). Management information system. New Delhi, India: Alfa Publications.


Appendices
Group members profile

Name | SUZAINI BIN SUPINGAT | MOHD KHAIRUL BIN NAZARUDDIN | AWANGKU ARIFF SHAH EDZAN BIN AWANGKU AMIR AZAM
Student ID | 2015378315 | 2015929603 | 2015982601

MINISTRY OF HUMAN RESOURCES
DEPARTMENT OF SKILLS DEVELOPMENT (JPK)

ICT SECURITY POLICY

CENTRE FOR INSTRUCTOR AND ADVANCED SKILL TRAINING (CIAST)

CIAST ICT Security Policy (Dasar Keselamatan ICT CIAST)
Published in January 2011 (Edition 1.0)

CIAST ICT SECURITY POLICY

TABLE OF CONTENTS

INTRODUCTION
OBJECTIVES
POLICY STATEMENT
SCOPE
PRINCIPLES
DOMAIN 01 POLICY DEVELOPMENT AND MAINTENANCE

0101 ICT SECURITY POLICY
010101 POLICY IMPLEMENTATION
010102 POLICY DISSEMINATION
010103 POLICY MAINTENANCE
010104 POLICY EXEMPTIONS

DOMAIN 02 SECURITY ORGANISATION
0201 INTERNAL ORGANISATIONAL INFRASTRUCTURE
020101 DIRECTOR OF CIAST
020102 CHIEF INFORMATION OFFICER (CIO)
020103 ICT SECURITY OFFICER (ICTSO)
020104 ICT MANAGER
020105 ICT SYSTEM ADMINISTRATOR
020106 USERS
020107 CIAST ICT SECURITY COMMITTEE
0202 THIRD PARTIES
020201 SECURITY REQUIREMENTS FOR CONTRACTS WITH THIRD PARTIES

DOMAIN 03 ASSET MANAGEMENT
0301 ASSET ACCOUNTABILITY
030101 ICT ASSET INVENTORY
0302 INFORMATION CLASSIFICATION AND HANDLING
030201 INFORMATION CLASSIFICATION
030202 INFORMATION HANDLING

DOMAIN 04 HUMAN RESOURCE SECURITY
0401 HUMAN RESOURCE SECURITY IN DAILY DUTIES
040101 BEFORE SERVICE
040102 DURING SERVICE
040103 TRANSFER OR TERMINATION OF SERVICE

DOMAIN 05 PHYSICAL AND ENVIRONMENTAL SECURITY
0501 AREA SECURITY
050101 AREA CONTROL
050102 PHYSICAL ENTRY CONTROL
050103 RESTRICTED AREAS
0502 EQUIPMENT SECURITY
050201 AREA CONTROL
050202 STORAGE MEDIA
050203 SOFTWARE AND APPLICATION MEDIA
050204 HARDWARE MAINTENANCE
050205 EQUIPMENT OFF PREMISES
050206 HARDWARE DISPOSAL
0503 ENVIRONMENTAL SECURITY
050301 ENVIRONMENTAL CONTROL
050302 POWER SUPPLY
050303 CABLING
050304 EMERGENCY PROCEDURES
0504 DOCUMENT SECURITY
050401 DOCUMENTS

Reference: DKICT CIAST | Version: 1.0 | Date: 01/01/10


INTRODUCTION
The CIAST ICT Security Policy (Dasar Keselamatan ICT, DKICT) contains rules that must be read and
complied with when using Information and Communication Technology (ICT) assets. The policy also
explains to all users their responsibilities and roles in protecting CIAST's ICT assets.

OBJECTIVES
The CIAST ICT Security Policy was established to ensure the continuity of CIAST's business by
minimizing the impact of ICT security incidents.
The policy also aims to facilitate information sharing in line with CIAST's operational needs.
This can only be achieved by ensuring that all ICT assets are protected.
The main objectives of CIAST ICT security are as follows:

(a) To ensure the smooth running of CIAST operations and minimize damage or destruction;
(b) To protect the interests of parties that depend on the information systems from the effects of
failures or weaknesses in the confidentiality, integrity, availability and authenticity of
information and communications; and
(c) To prevent misuse or theft of Government ICT assets.


POLICY STATEMENT

Security is defined as a state that is free from unacceptable threats and risks. Maintaining
security is a continuous process. It involves periodic activities that must be carried out from
time to time to ensure security, because threats and weaknesses are constantly changing.

ICT security means a state in which all matters of preparing and supplying services based on ICT
systems run continuously without disruptions that could compromise security. ICT security is
closely tied to the protection of ICT assets.

There are four (4) basic components of ICT security:

(a) Protecting official secret information and official government information from access
without valid authority;

(b) Ensuring that all information is accurate and complete;

(c) Ensuring the availability of information when users need it; and

(d) Ensuring access only by legitimate users or the receipt of information from legitimate
sources.

The CIAST ICT Security Policy covers the protection of all forms of electronic information, with
the aim of ensuring the security of that information and its availability to all authorized users.
The main characteristics of information security are as follows:

(a) Confidentiality - Information must not be disclosed arbitrarily or left accessible without
authorization;

(b) Integrity - Data and information must be accurate, complete and up to date. They may be
changed only in an authorized manner;

(c) Non-repudiation - Data and information must come from a legitimate source that cannot be
denied;

(d) Authenticity - The authenticity of data and information must be assured; and

(e) Availability - Data and information must be accessible at any time.

In addition, measures to ensure ICT security must be based on an assessment, appropriate to
current changes, of the inherent weaknesses of ICT assets; the threats that arise from those
weaknesses; the risks that may result; and the appropriate preventive measures that can be taken
to address those risks.


SCOPE

CIAST's ICT assets consist of hardware, software, services, data or information, and people.
The CIAST ICT Security Policy sets out the following basic requirements:

(a) Data and information must be continuously accessible in a fast, accurate, easy and reliable
manner. This is essential so that decisions and service delivery can be carried out effectively
and with quality; and

(b) All data and information must be kept confidential and handled as well as possible at all
times to ensure the completeness and accuracy of the information and to protect the interests of
the government, the service and the public.

To ensure that these ICT assets are secure at all times, the CIAST ICT Security Policy covers the
protection of all forms of government information that is entered, created, destroyed, stored,
generated, printed, accessed, distributed, in transit, or backed up. This will be done by
establishing and enforcing control systems and procedures for handling all of the following:

(a) Hardware
All assets used to support CIAST's information processing and storage facilities. Examples:
computers, servers, communication equipment and so on;

(b) Software
Programs, procedures or rules that are written, and the associated documentation relating to the
computer operating system, stored in the ICT system. Examples: application software or system
software such as operating systems, database systems, network system software, or office
applications that provide information processing facilities to CIAST;

(c) Services
Services or systems that support other assets in carrying out their functions.
Examples:

i. Network services such as LAN, WAN and others;
ii. Access barrier systems such as access card systems; and
iii. Support services such as electrical facilities, air conditioning, fire prevention systems
and others.

(d) Data and Information
Collections of facts in paper form or electronic messages, containing information to be used to
achieve CIAST's mission and objectives. Examples: system documentation, operating procedures,
CIAST records, customer profiles, databases and data files, archived information and others;

(e) People
Individuals who have the knowledge and skills to carry out CIAST's daily scope of work to achieve
the agency's mission and objectives. These individuals are assets by virtue of the duties and
functions they perform; and

(f) Computer and Communications Premises
All facilities and premises used to house items (a) - (e) above.
Each of the items above must be given thorough protection. Any leak of secrets or weakness in
protection is regarded as a breach of security measures.


PRINCIPLES

The principles that form the basis of the CIAST ICT Security Policy and must be complied with are
as follows:

(a) Access on a need-to-know basis
Access to the use of ICT assets is granted only for specific purposes and is limited to
particular users on a "need to know" basis only. This means that access will be granted only if
the user's role or function requires the information.

(b) Minimum access rights
User access rights are granted only at the most minimal level, namely to read and/or view only.
Approval is required to allow a user to create, store, update, modify or cancel any information.
Access rights must be reviewed from time to time based on the roles and responsibilities of the
user/field of duty;

(c) Accountability
All users are held accountable for all of their actions on ICT assets. This responsibility must
be clearly stated in line with the sensitivity level of the ICT resource. To ensure that this
responsibility is observed, CIAST ICT systems must support facilities for tracing or verifying
that information system users can be held accountable for their actions. User accountability or
responsibility includes:

i. Preventing disclosure of information to unauthorized parties;
ii. Checking information and making sure it is accurate and complete from time to time;
iii. Ensuring information is available for use;
iv. Keeping passwords confidential;
v. Complying with the prescribed security standards, procedures, measures and guidelines;
vi. Paying attention to classified information, especially during its creation, processing,
storage, transmission, delivery, exchange and destruction; and
vii. Keeping ICT security measures confidential so that they do not become public knowledge.

(d) Segregation
The tasks of creating, deleting, updating, modifying and verifying data must be segregated to
prevent unauthorized access and to protect ICT assets from errors, leakage of classified
information or manipulation. Segregation also covers separating the operations groups and the
network;

(e) Auditing
Auditing is the act of identifying security-related incidents or identifying conditions that
threaten security. It involves preserving all records relating to security actions.

Accordingly, ICT assets such as computers, servers, routers, firewalls and networks must be
confirmed to be able to generate and store security action logs or audit trails;

(f) Compliance
The CIAST ICT Security Policy must be read, understood and complied with to avoid any form of
violation of it that could pose a threat to ICT security;


(g) Recovery
System recovery is essential to ensure availability and accessibility. The main objective is to
minimize any disruption or loss resulting from unavailability. Recovery can be carried out
through backup activities and by establishing a disaster recovery/service continuity plan; and

(h) Interdependence
Each of the principles above complements and depends on the others. Accordingly, diversifying
the approaches used to arrange and shape as many security mechanisms as possible is necessary to
ensure maximum security.
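
An added example (not part of the CIAST policy or of the original assignment) showing how principles (a) to (e) above can be enforced in an application: need-to-know assignment, read-only default rights, approved write rights, segregated verification, and an audit trail of every decision. The class, user and resource names are hypothetical, and the review-date expiry is one assumed way to implement the periodic review of access rights.

```python
from dataclasses import dataclass, field
from datetime import date

READ_ACTIONS = frozenset({"read", "view"})   # principle (b): default minimum right
WRITE_ACTIONS = frozenset({"create", "store", "update", "modify", "cancel"})
VERIFY = "verify"                            # principle (d): kept apart from editing


@dataclass(frozen=True)
class Grant:
    actions: frozenset   # approved actions beyond read/view
    approved_by: str     # approver, recorded for accountability
    review_due: date     # assumption: rights lapse to read-only after this date


@dataclass
class AccessPolicy:
    clock: object = date.today                          # injectable so tests are repeatable
    assigned: dict = field(default_factory=dict)        # resource -> users with a need to know
    grants: dict = field(default_factory=dict)          # (user, resource) -> Grant
    last_editor: dict = field(default_factory=dict)     # (resource, record) -> last user to change it
    audit_trail: list = field(default_factory=list)     # principle (e): every decision is recorded

    def assign(self, user, resource):
        """Principle (a): the user's role requires this resource."""
        self.assigned.setdefault(resource, set()).add(user)

    def approve(self, approver, user, resource, actions, review_due):
        """Record an approval for rights above read/view."""
        actions = frozenset(actions)
        if approver == user:
            raise PermissionError("users cannot approve their own access rights")
        unknown = actions - WRITE_ACTIONS - {VERIFY}
        if unknown:
            raise ValueError(f"unknown actions: {sorted(unknown)}")
        self.grants[(user, resource)] = Grant(actions, approver, review_due)
        self._log(approver, "approve", resource, None, True,
                  f"{sorted(actions)} for {user} until {review_due}")

    def _decide(self, user, resource, record, action):
        if user not in self.assigned.get(resource, set()):
            return False, "no need to know for this resource"
        if action in READ_ACTIONS:
            return True, "read/view is the default minimum right"
        if action not in WRITE_ACTIONS and action != VERIFY:
            return False, "unknown action"
        grant = self.grants.get((user, resource))
        if grant is None or action not in grant.actions:
            return False, "action not approved for this user"
        if self.clock() > grant.review_due:
            return False, "approval is past its review date"
        if action == VERIFY and self.last_editor.get((resource, record)) == user:
            return False, "segregation: editor cannot verify own change"
        return True, f"approved by {grant.approved_by}"

    def request(self, user, resource, record, action):
        """Decide one request, log it, and return True if it is allowed."""
        allowed, reason = self._decide(user, resource, record, action)
        if allowed and action in WRITE_ACTIONS:
            self.last_editor[(resource, record)] = user
        self._log(user, action, resource, record, allowed, reason)
        return allowed

    def _log(self, user, action, resource, record, allowed, reason):
        # Principle (c): each entry ties an action to an identified user.
        self.audit_trail.append({
            "when": self.clock().isoformat(), "user": user, "action": action,
            "resource": resource, "record": record,
            "outcome": "ALLOW" if allowed else "DENY", "reason": reason,
        })


def demo():
    """Constructed scenario; users, resource and record id are made up."""
    today = [date(2020, 6, 1)]
    p = AccessPolicy(clock=lambda: today[0])
    p.assign("aminah", "e-budget")
    p.assign("bakar", "e-budget")
    p.approve("ictso", "aminah", "e-budget", {"update", "verify"}, date(2020, 12, 31))
    p.approve("ictso", "bakar", "e-budget", {"verify"}, date(2020, 12, 31))
    results = [
        p.request("chong", "e-budget", "B-17", "read"),     # not assigned
        p.request("bakar", "e-budget", "B-17", "read"),     # default right
        p.request("bakar", "e-budget", "B-17", "update"),   # never approved
        p.request("aminah", "e-budget", "B-17", "update"),  # approved write
        p.request("aminah", "e-budget", "B-17", "verify"),  # own change
        p.request("bakar", "e-budget", "B-17", "verify"),   # second person
    ]
    today[0] = date(2021, 1, 5)                             # review date has passed
    results.append(p.request("aminah", "e-budget", "B-17", "update"))
    return results, p.audit_trail


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Denied requests are logged alongside allowed ones, so the audit trail also shows attempts to exceed approved rights.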


DOMAIN 01
POLICY DEVELOPMENT AND MAINTENANCE
0101 ICT Security Policy

Objective:

To set out management's direction and support for information security in line with CIAST's
requirements and the relevant legislation.

010101 Policy Implementation
Responsibility: Director of CIAST

This policy will be implemented by the Director of CIAST as Chairman of CIAST Occupational
Safety and Health (KKP) Management. The ICT Security Committee (JKICT) under this KKP consists
of the Chief Information Officer (CIO), the ICT Manager, the ICT Security Officer (ICTSO), the
ICT System Administrators and all Heads of Division/Programme.

010102 Policy Dissemination
Responsibility: ICTSO

This policy must be disseminated to all CIAST users (including staff, suppliers, consultants and
others).

010103 Policy Maintenance
Responsibility: ICTSO

The CIAST ICT Security Policy is subject to review and amendment from time to time, including
its security controls, procedures and processes, in line with changes in technology,
applications, procedures, legislation, Government policy and social interests.

The following is the procedure for maintaining the CIAST ICT Security Policy:

(a) Identify and determine the changes required;

(b) Submit the proposed amendments in writing to the ICTSO for presentation to and agreement by
the CIAST ICT Security Committee (JKICT) Meeting;

(c) Inform all users of the changes agreed by the JKICT; and

(d) This policy must be reviewed at least once a year or as current needs require.

010104 Policy Exemptions
Responsibility: All Users

The CIAST ICT Security Policy applies to all CIAST ICT users and no exemptions are given.


AREA 02
SECURITY ORGANISATION
0201 Internal Organisational Infrastructure

Objective:

To set out the roles and responsibilities of the individuals involved more clearly and systematically in achieving the objectives of the CIAST ICT Security Policy.

020101 Director of CIAST
Responsibility: Director of CIAST

The Director of CIAST has the role and responsibility for the following matters:

(a) Ensuring that all users understand the provisions of the CIAST ICT Security Policy;

(b) Ensuring that all users comply with the CIAST ICT Security Policy;

(c) Ensuring that all organisational requirements (financial resources, human resources and security protection) are adequate;

(d) Ensuring that risk assessment and ICT security programmes are carried out as stipulated in the CIAST ICT Security Policy; and

020102 Chief Information Officer (CIO)
Responsibility: CIO

The Chief Information Officer (CIO) for CIAST is the Deputy Director (Training Management).

The roles and responsibilities of the CIO are as follows:

(a) Assisting the Director in carrying out duties that involve ICT security;

(b) Determining ICT security requirements;

(c) Coordinating and managing training plans and ICT security awareness programmes, such as preparation of the DKICT CIAST, as well as risk management and auditing; and

(d) Being responsible for matters relating to CIAST ICT security.

(e) Chairing the Meeting of the ICT Security Committee (JKICT), CIAST.


020103 ICT Security Officer (ICTSO)
Responsibility: ICTSO

The ICT Security Officer (ICTSO) for CIAST is the Chief Programme Coordinator of the Infrastructure Unit (KPP IF1), Electronic Learning and Multimedia Programme (PEM).

The roles and responsibilities of the appointed ICTSO are as follows:

(a) Managing CIAST's ICT security programmes as a whole;

(b) Determining user access controls for ICT assets;

(c) Keeping up-to-date records, evidence and reports on CIAST ICT security threats;

(d) Carrying out risk management;

(e) Conducting audits, reviewing, formulating CIAST management's response based on the findings, and preparing reports on them;

(f) Giving warning of possible dangerous threats such as viruses, providing advisory services and providing appropriate protective measures;

(g) Cooperating with all relevant parties in identifying the source of ICT security threats or incidents and endorsing remedial measures promptly; and

(h) Preparing and implementing ICT security awareness programmes.

020104 ICT Manager
Responsibility: ICT Manager

The ICT Manager for CIAST is the Head of the Electronic Learning and Multimedia Programme (KP PEM).

The roles and responsibilities of the ICT Manager are as follows:

(a) Reviewing and implementing ICT security controls in line with CIAST's requirements;

(b) Enforcing implementation of the CIAST ICT Security Policy;

(c) Providing briefings and exposure on the CIAST ICT Security Policy to all users;

(d) Establishing guidelines, procedures and processes in line with the requirements of the CIAST ICT Security Policy;


(e) Reporting any matter or finding concerning ICT security to the CIO;

020105 ICT System Administrator
Responsibility: ICT System Administrator

The ICT System Administrator for CIAST is the Principal Assistant Director of the Infrastructure Unit (KPP IF2), Electronic Learning and Multimedia Programme (PEM).

The roles and responsibilities of the ICT System Administrator are as follows:

(a) Taking appropriate action promptly when informed of staff who have resigned, been transferred, gone on leave or on long courses, or whose duties have changed;

(b) Determining the accuracy and completeness of a given level of access based on the instructions of the information resource owner, as stipulated in the CIAST ICT Security Policy;

(c) Monitoring daily access activity on user application systems;

(d) Identifying abnormal activities such as intrusion and unauthorised modification of data, and cancelling or stopping them immediately;

(e) Analysing and keeping audit trail records;

(f) Preparing periodic reports on access activity; and

(g) Being responsible for monitoring that every item of ICT hardware distributed to users, such as personal computers, laptops, printers, scanners and so on, is in good condition.

020106 Users
Responsibility: All Users

Users have the following roles and responsibilities:

(a) Reading, understanding and complying with the CIAST ICT Security Policy;

(b) Knowing and understanding the ICT security implications of their actions;

(c) Passing security vetting;

(d) Implementing the principles of the CIAST ICT Security Policy and safeguarding the confidentiality of CIAST information;


(e) Reporting any activity that threatens ICT security to the ICTSO immediately;

(f) Attending ICT security awareness programmes;

020107 CIAST ICT Security Committee
Responsibility: JKICT CIAST

The ICT Security Committee (JKICT) is the committee responsible for ICT security and acts as adviser and catalyst in formulating CIAST's ICT security plans and strategies.

The membership of the JKICT CIAST is as follows:

Chairman: CIO CIAST
Secretary: ICTSO
Members:
(1) ICT Manager;
(2) System Administrator;
(3) Heads of Division / Programme; and
(4) other members appointed from time to time.

The secretariat for the JKICT CIAST is the Infrastructure Unit, PEM.

Terms of reference:

(a) Endorsing/approving the DKICT CIAST document;

(b) Monitoring the level of ICT security compliance;

(c) Endorsing guidelines, procedures and processes for specific applications within CIAST that comply with the requirements of the DKICT CIAST;

(d) Evaluating suitable technologies and proposing solutions to ICT security requirements;

(e) Ensuring that the DKICT CIAST is in line with current government ICT policies;

(f) Receiving reports and discussing current ICT security matters;

(g) Discussing actions involving breaches of the DKICT CIAST; and

(h) Deciding on the action to be taken regarding any incident.


0202 Third Parties

Objective:

To ensure the security of all ICT assets used by third parties (suppliers, consultants and others).

020101 Security Requirements in Contracts with Third Parties
Responsibility: CIO, ICTSO, ICT Manager, ICT System Administrator and Third Parties

This is to ensure that the use of information and information processing facilities by third parties is controlled. The matters that must be complied with include the following:

(a) Reading, understanding and complying with the CIAST ICT Security Policy;

(b) Identifying risks to the security of information and information processing facilities, and implementing appropriate controls before granting access;

(c) Identifying security requirements before granting access or use to third parties;

(d) Access to CIAST ICT assets must be based on a contractual agreement;

(e) Ensuring that all security conditions are clearly stated in agreements with third parties. The following matters shall be included in the signed agreement:

i. CIAST ICT Security Policy;
ii. Security Vetting;
iii. Declaration under the Official Secrets Act 1972; and
iv. Intellectual Property Rights.
