Information & Communication Technology Division ("ICT")
Areas of Audit
:
Data/Information Security Control and Recovery
Period of Audit Coverage
:
January 2017 - December 2018
Audit Visit
:
November - December 2018
Summary of Audit Findings & Ratings
No./Ref.
Summary of Audit Findings
Status of Action To Address Findings
No Policy & Guidelines
Inadequate / OutdatedPolicies & Guidelines
Non-Compliance
Improvement Ideas
3.1
SEDC SECURITY POLICY
3.1.2
Quite a number of staff were unable to comprehend between SEDC Portal and Website and how to access the portal, thus not aware of the existence of the various ICT security policies and guidelines in the SEDC Portal
Action In Progress
3.3
SECURITY THREAT TO COMPUTERISED SYSTEM
3.3.1
A firewall to filter incoming and outgoing traffic into the Local Area Network of the Corporation and anti-virus software were installed on devices to prevent possible threat from hacking and malwarethat can wreak havoc to the Corporation network systems
Action In Progress
3.4
BACKUP OF SYSTEM, PROGRAM AND DATA
3.4.1
ICT has installed an automatic backup of system, program and data that allow the recovery of informmation stored on servers but yet to implement off-site storage and also yet to conduct drill for 2018/2019
Action In Progress
3.5
SECURITY THREAT TO COMPUTER SYSTEM
3.5.1
ICT has developed and compiled IT Disaster Recovery Plan to migitate possible disaster that renders the Corporation's computer systems not operating effectively however disaster recovery plan exercise or drill for the new servers and backup processes at the new Menara has yet to be done