Introduction
The Public Sector Information Security Risk Assessment is aimed to assist Public Sector agencies to measure and analyse the risk level of their ICT assets and subsequently, take the necessary actions to plan and control the risks. The Government has published the General Circular Letter No. 6 Year 2005: The Public Sector Information Security Risk Assessment Guideline to emphasise the importance of implementing risk assessment in the Public Sector. The Public Sector Information Security Risk Assessment Guideline outlines the methods and techniques used in the process of implementing a systematic and effective information security risk assessment.
The guideline has two main components :
- The Malaysian Public Sector Information Security High-Level Risk Assessment (HiLRA) Guideline helps agencies to get an initial view of their information security risk level; and
- The Malaysian Public Sector Information Security Risk Assessment Methodology (MyRAM) provides agencies with a qualitative methodology for implementing a detailed information security risk assessment within the predefined scope of the agencies.
Roles and Responsibilities
All Government agencies are required to implement a high level information security risk assessment based on HiLRA. If the findings of the assessment indicates that the agency has high risk in terms of information asset (i.e. the agency is highly dependent on ICT), then the agency is required to carry out a detailed risk assessment based on MyRAM methodology. To meet the needs of technology and information security, agencies are encouraged to conduct regular risk assessments on their ICT assets to ensure that their information security risk are kept at a minimum level.
Guidelines
- Malaysian Public Sector Management of Information and the Communications Technology Security Handbook (MyMIS)
- General Circular Letter No. 6 Year 2005 – Public Sector Information Security Risk Assessment Guideline.
For further Information:
Director-General
Malaysian Administrative Modernisation and
Management Planning Unit (MAMPU)
Level 6, Block B2
Prime Minister’s Department Complex
Federal Government Administrative Center
62502 PUTRAJAYA