Portal Rasmi MAMPU

Laman Web Rasmi Unit Pemodenan Tadbiran dan Perancangan Pengurusan Malaysia (MAMPU)
Multi Language [EN] [BM]
Peta Laman MyGoverment
W3C Disability Accessibility
Arkib elektronik Online E-Participation
Pengenalan Kami
Soalan Lazim Piagam Pelanggan
Hubungi Kami
Procument Ketua Pegawai Maklumat Kerajaan Pelan Strategik MAMPU 2021-2025

Malaysia Information Security Governance, Risk Management And Compliance (MyISGRC App)

Malaysia Information Security Governance, Risk Management And Compliance (MyISGRC App)


MyISGRC is a web-based application developed as a digital tool. The Malaysian Information Security Governance, Risk Management And Compliance web application (MyISGRC App) was developed under the Cyber Security Development Project for Public Sector (CSDeP).

MyISGRC applications include the Questionnaire Components, Technical Verification Reports, MyISGRC Results and Information Security Improvement Recommendations to assist agencies in managing information security in accordance with the requirements of the Public Sector Cyber Security Framework (RAKKSSA).

The MyISGRC concept refers to the three (3) specific integrated approaches:

  1. Governance – including information security and information security framework (eg policies, procedures, controls and organizational structures) used for managing the security of agency information;
  2. Risk Management – identify, manage, and mitigate the risks potentially affecting agency operations; and
  3. Compliance – meets the required regulations, or the government’s mandate for information security.

These three elements play an important role in managing the security of agency information adapted in the MyISGRC App with justification as follows:

  1. Governance focuses on information security management that should be addressed by top management of the organization. Activities in the elements of Governance require top management to make a complete and timely decision; and
  2. Compliance with various rules by agencies involves a very high cost. Accordingly, compliance must adopt a risk-based approach. This will enable the agency to focus on the most important issues, regulations or laws of an agency.

Objectives / Purpose

The objectives of Malaysian Information Security Governance, Risk Management and Compliance (MyISGRC) are to assess the current state of information security health of Public Sector Agencies thus, allowing their managements to make an informed business decisions and also to help managing the information security threats and challenges faced by the agencies. Thus, it improves the agencies’ preparedness towards information security.

MyISGRC is an assessment tool for agencies to measure availability and initiatives in governance, risk management and information security compliance in addressing information security issues & problems. MyISGRC combines self-assessment and the technical validation exercise which covers the vulnerability scanning for three main areas i.e. host, network and wifi. As for the self-assessment part, there are five (5) major components in MyISGRC namely Governance, Risk Management, Competence and Culture, Technical Operations and Physical Security. Under each component, a comprehensive assessment is conducted to determine the maturity and compliance of the agency on information security governance, risk management and compliance to standards and related regulations.

Based on the results of the assessment produced by MyISGRC, the management of the agency can understand the current state of agency information security level and identify current gaps. This can help the management to decide, plan and execute appropriate actions to fill-in the gap, and improve the readiness of the agency in overall information security management. For example, they can focus more on an area that is still weak in managing the agency’ information security and arrange for resource planning or specific information security programme.

References (Circulars / Guidelines / Presentation Papers)

Presentation paper – CAPAM 2018 International Innovations Awards (IIA)

Contact Information

Officers who manage advisory services on MyISGRC are as follows:

  1. Mrs. Norfizah binti Mat Nor
    Principle Assistant Director
    No. Tel: 03-8872 7411
    E-mail: norfizah@mampu.gov.my
  2. Mrs. Haslinda binti Mat Akhir
    Senior Assistant Director
    No. Tel: 03-8872 3155
    E-mail: haslinda@mampu.gov.my

  Updated 01.07.2019

Page Info:     Total Views-     182


Today's Visitors: 1801
Total Visitors: 1145686

Aras 6, Setia Perdana 2,
Kompleks Setia Perdana,
Pusat Pentadbiran Kerajaan Persekutuan
62502 Putrajaya Malaysia
T 603 8000 8000   F 603 8888 3721
E webmaster[at]mampu.gov.my

2021 © Unit Pemodenan Tadbiran dan Perancangan Pengurusan Malaysia (MAMPU)
Paparan terbaik menggunakan pelayar Mozilla Firefox dan Google Chrome dengan resolusi skrin 1366 x 768


Accessibility Toolbar

SPOT-ME Senarai Keseluruhan Agensi bagi Pensijilan EKSA Number of Online Services Dasar Polisi
Freedom of Information
Dasar Privasi