MINISTRY OF EDUCATION MALAYSIA
ICT SECURITY
MANAGEMENT
HANDBOOK
Published by
Infrastructure and Repository Sector
Smart Educational Development
Educational Technology Division
Ministry of Education
Pesiaran Bukit Kiara
50604 Kuala Lumpur
Tel : 603-2098 7768/6245
Fax : 603-2098 6242
Contents
Background
Foreword
Preface
Introduction
1 Acceptable Internet And E-Mail Usage
1.1 Introduction
1.2 Purpose
1.3 Responsibilities
1.4 Internet Usage
1.5 E-Mail
2 Choosing Quality Passwords
2.1 Introduction
2.2 Purpose
2.3 Responsibilities
2.4 Compromise Of Passwords
2.5 General Password Rules
2.6 Password Composition Rules
2.7 Changing And Reusing Of Passwords
3 Physical Security For The ICT Infrastructure
3.1 Introduction
3.2 Purpose
3.3 Responsibilities
3.4 Working In ICT Infrastructure
4 Mobile Computing
4.1 Introduction
Background
Foreword
Preface
Introduction
1 Acceptable Internet And E-Mail Usage
1.1 Introduction
1.2 Purpose
1.3 Responsibilities
1.5 E-Mail
1) E-mail allows users to communicate with each
other in the form of electronic messages. The
usage of e-mail is getting more prevalent as it
allows more effective two-way communication.
2) All residents of a school are given e-mail
accounts for the purpose of official
correspondence. An example of an e-mail
address is name@moe.edu.my.
3) The usage of e-mail service is subject to the
rules stipulated in this section and the School
ICT Coordinator has the right to revoke such
usage if users do not comply with the rules.
4) E-mail is one of the official communication
channels within the school. As such, it has to be
composed with caution. For example, using
upper case is not encouraged as it is considered
inappropriate. Users are advised to compose
e-mail using simple, courteous and correct
language. Users should ensure that the subject
corresponds with the content of the e-mail.
2 Choosing Quality Passwords
2.1 Introduction
2.2 Purpose
2.3 Responsibilities
3 Physical Security For The ICT Infrastructure
3.1 Introduction
3.2 Purpose
3.3 Responsibilities
4 Mobile Computing
4.1 Introduction
4.2 Purpose
4.3 Responsibilities
5 Information Classification And Handling
5.1 Introduction
5.2 Purpose
5.3 Responsibilities
According to the government’s Arahan Keselamatan,
information is classified into five levels:
1) Public: Official documents/information available
for public knowledge, viewing or usage.
2) Restricted: Official documents/information
excluding those classified as Top Secret, Secret
or Confidential but required to be provided with
a security measure level. Refer to Table 1:
Information Handling.
3) Confidential: Official documents/information
if exposed without authorisation, even
though it does not endanger national security
- could have an impact on national interest
or dignity, the activity of the government or
Table 1: Information Handling

Classification levels (columns): Top Secret, Secret, Confidential, Restricted, Public

Labelling

Electronic Media Labelling
Top Secret, Secret, Confidential, Restricted:
1) Labelled as ‘Top Secret’ or ‘Secret’ or ‘Confidential’ or ‘Restricted’.
Public: Not required.

Reference
Top Secret, Secret, Confidential, Restricted:
The owners of the respective information should work together with the school’s administrative personnel to define the reference number for each document produced.
Public: Not required.

Storage

Storage on Fixed Media
Top Secret, Secret, Confidential, Restricted:
Encrypted where applicable or other compensating controls such as access controls, password management and other network controls.
Public: Not required.

Storage on Exchangeable Media
Top Secret, Secret, Confidential, Restricted:
Encrypted where applicable or other compensating controls such as access controls, password management and other network controls.
Public: Not required.

Physical Storage
Top Secret, Secret:
1) Strong room or safe with locks.
2) Work in progress can be kept in cabinet (iron) with locks.
3) See Arahan Keselamatan – Clause 58 – 60.
Confidential, Restricted:
1) Cabinet (iron).
2) See Arahan Keselamatan – Clause 58 – 60.
Public: No special storage required.

Sending/Transmission/Processing

Sending documents
Top Secret, Secret, Confidential, Restricted:
1) Acknowledgement on receipt of document (2 copies) needs to be prepared.
2) Mail packaging for documents carried securely:
a) Only one (1) envelope with marking, reference number, name and address.
b) The envelope must be sealed.
3) Mail packaging for documents carried unsecurely:
a) Two (2) envelopes required.
b) Internal envelope with marking, reference number, name and address;
c) External envelope with name and address and it must be sealed.
4) See Arahan Keselamatan – Clause 61 – 65.
Public: Not required.

Faxing/Telephone/Telegraph
Top Secret, Secret, Confidential, Restricted:
1) Not allowed.
2) See Arahan Keselamatan – Clause 66.
Public: No restriction.

Carrying Documents Out from the Office
Top Secret, Secret:
1) Written approval from the Secretary General of the Ministry of Education.
2) See Arahan Keselamatan – Clause 67.
Confidential, Restricted:
1) Written approval from Head of Department is required.
2) See Arahan Keselamatan – Clause 67.
Public: No restriction.

Disposal

Physical Disposal
Top Secret, Secret, Confidential, Restricted:
1) Not allowed unless explicitly instructed by the information owner. Total destruction must be performed.
2) Disposal must be logged.
3) Document must be shredded.
4) See Arahan Keselamatan – Clause 71 – 74.
Public: Ordinary trash.

Electronic Disposal
Top Secret, Secret, Confidential, Restricted:
Secure delete.
Public: Ordinary delete.

Loss of Documents/Information

Reporting of loss
Top Secret, Secret, Confidential, Restricted:
1) Loss of documents/information should be reported immediately to the school administrator within 24 hours.
2) An investigation should be warranted to estimate the impact of such losses. If necessary, a report to external parties such as the police should be made.
3) See Arahan Keselamatan – Clause 75 – 76.
Public: Not required.
Glossary
References
1) Malaysian Public Sector Management of Information & Communications Technology Security Handbook (MyMIS).
2) Pekeliling Kemajuan Pentadbiran Awam Bilangan 1 Tahun 2003 - Garis Panduan Mengenai Tatacara Penggunaan Internet Dan Mel Elektronik Di Agensi-agensi Kerajaan.
3) Buku Arahan Keselamatan.
4) Prosedur dan Dasar Pengurusan Keselamatan Sekolah Bestari Versi 2.0.
Enquiries
Enquiries about this document should be directed to:
Director
Educational Technology Division
Ministry Of Education
Pesiaran Bukit Kiara
50604 Kuala Lumpur
(Attn : Infrastructure and Repository Sector)
CONTRIBUTORS
ADVISOR
EDITORIAL BOARD