dasar keselamatan ict bagi jabatan pendidikan · pdf file0503 keselamatan persekitaran ... di...
TRANSCRIPT
Dasar Keselamatan ICT
Bagi Jabatan Pendidikan Politeknik
dan Politeknik Malaysia
Feb 2016
Versi 1.0
Dasar Keselamatan ICT JPP dan Politeknik
VERSI TARIKH KUATKUASA MUKASURAT 1.0 1 Mac 2016 1 dari 74
SEJARAH DOKUMEN
Tarikh Versi Kelulusan Tarikh Kuatkuasa Catatan
22 Feb 2016 1.0 Mesyuarat
Pengurusan
JPP
1 Mac 2016
ISI KANDUNGAN
PENGENALAN ...............................................................................................................................................7
OBJEKTIF ......................................................................................................................................................7
PERNYATAAN DASAR ...................................................................................................................................8
SKOP ............................................................................................................................................................9
PRINSIP-PRINSIP ....................................................................................................................................... 11
Dasar Keselamatan ICT JPP dan Politeknik
VERSI TARIKH KUATKUASA MUKASURAT 1.0 1 Mac 2016 2 dari 74
PENILAIAN RISIKO KESELAMATAN ICT ...................................................................................................... 14
BIDANG 01 ............................................................................................................................................ 16
0101 Dasar Keselamatan ICT .......................................................................................................... 16
010101 Pelaksanaan Dasar ........................................................................................................... 16
010102 Penyebaran Dasar ............................................................................................................ 16
010103 Penyelenggaraan Dasar ................................................................................................... 16
010104 Pengecualian Dasar ......................................................................................................... 17
BIDANG 02 ............................................................................................................................................ 18
0201 Infrastruktur Keselamatan Organisasi ..................................................................................... 18
020101 Ketua Pengarah................................................................................................................ 18
020102 Ketua Pegawai Maklumat (CIO) ....................................................................................... 18
020103 Pegawai Keselamatan ICT (ICTSO) ................................................................................... 19
020104 Pengurus ICT .................................................................................................................... 20
020105 Pentadbir Sistem ICT........................................................................................................ 20
020106 Pegawai Aset ICT .............................................................................................................. 21
020107 Pengguna ......................................................................................................................... 21
020108 Jawatankuasa Pemandu ICT JPP dan Politeknik (JPICT) .................................................. 22
020109 Pasukan Tindak Balas Insiden Keselamatan ICT JPP dan POLITEKNIK (CERT) ................. 23
0202 Pihak Ketiga .......................................................................................................................... 24
020201 Keperluan Keselamatan Kontrak dengan Pihak Ketiga .................................................... 24
BIDANG 03 ............................................................................................................................................ 25
0301 Akauntabiliti Aset..................................................................................................................... 25
030101 Inventori Aset................................................................................................................. 25
0302 Pengelasan dan Pengendalian Maklumat ............................................................................... 25
030201 Pengelasan Maklumat ................................................................................................... 26
030202 Pengendalian Maklumat ................................................................................................ 26
BIDANG 04 ............................................................................................................................................ 27
0401 Keselamatan Sumber Manusia Dalam Tugas Harian ............................................................... 27
Dasar Keselamatan ICT JPP dan Politeknik
VERSI TARIKH KUATKUASA MUKASURAT 1.0 1 Mac 2016 3 dari 74
040101 Sebelum Perkhidmatan ................................................................................................... 27
040102 Dalam Perkhidmatan ....................................................................................................... 27
040103 Bertukar Atau Tamat Perkhidmatan ................................................................................ 28
BIDANG 05 ............................................................................................................................................ 29
0501 Keselamatan Kawasan ............................................................................................................. 29
050101 Kawalan Kawasan ............................................................................................................ 29
050102 Kawalan Masuk Fizikal ..................................................................................................... 30
050103 Kawasan Larangan ........................................................................................................... 30
0502 Keselamatan Peralatan ............................................................................................................ 31
050201 Peralatan ICT .................................................................................................................... 31
050202 Media Storan ................................................................................................................... 33
050203 Media Perisian dan Aplikasi ............................................................................................. 34
050204 Penyelenggaraan ............................................................................................................. 34
050205 Peminjaman Perkakasan Untuk Kegunaan Di Luar Pejabat ............................................ 35
050206 Peralatan di Luar Premis .................................................................................................. 35
050207 Pelupusan ........................................................................................................................ 35
0503 Keselamatan Persekitaran ....................................................................................................... 37
050301 Kawalan Persekitaran ...................................................................................................... 37
050302 Bekalan Kuasa .................................................................................................................. 37
050303 Kabel ................................................................................................................................ 38
050304 Prosedur Kecemasan ....................................................................................................... 38
0504 Keselamatan Dokumen ............................................................................................................ 38
050401 Dokumen ......................................................................................................................... 39
BIDANG 06 ............................................................................................................................................ 40
0601 Pengurusan Prosedur Operasi ................................................................................................. 40
060101 Pengendalian Prosedur .................................................................................................... 40
060102 Kawalan Perubahan ......................................................................................................... 40
060103 Pengasingan Tugas dan Tanggungjawab ......................................................................... 41
Dasar Keselamatan ICT JPP dan Politeknik
VERSI TARIKH KUATKUASA MUKASURAT 1.0 1 Mac 2016 4 dari 74
0602 Pengurusan Penyampaian Perkhidmatan Pihak Ketiga ........................................................... 41
0603 Perancangan dan Penerimaan Sistem ..................................................................................... 42
060301 Perancangan Kapasiti ...................................................................................................... 42