Directorate of Information Security
Mission: To fulfill the following functions:
- To provide leadership, organisational structures and processes at the national level that safeguard information against accidental or unathorised modification, destruction, or disclosure.
- To coordinate efforts to remediate security alerts and respond to information security related incidents and threats
- To coordinate with other institutions including law enforcement to identify and plan for security in all aspects of data, application, hardware, telecommunication, and computer installation.
- To carry out information security assessment for other organisations
Departments under Directorate of Information Security
Computer Forensics and Incident Management Department
- Coordinate and assist government agencies in implementing proactive services to reduce the risks of computer security incidents as well as respond to such incidents when they occur.
- Ensures, verifies and validates the protection of information systems against unauthorized access to, or modification of, information, whether in storage, processing or transit, and protection against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
- Leads and conducts investigations, reviews compliance with policies and procedures, and serves as a resource for external compliance officers during independent assessments.
- Conduct awareness to educate the local population about the adverse effects of cyber threats and cybercrime.
Information Security Compliance Department
- Manages information security programs by overseeing and ensuring agency compliance with policies and procedures regarding the security of information assets.
- Develops and subsequently enforces policies and procedures, security awareness program, business continuity and disaster recovery plans, and all industry and government compliance issues.
- Assesses internal and external risks and the respective business impact and provide appropriate mitigation strategies.
- Provides oversight responsibility for ensuring the integrity and security of automated files, databases, and computer systems.
- Establishes a risk management framework and governance model to assure the appropriate handling of information.
Information Security Operations Department
- Concentrates on protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction to provide confidentiality, integrity and availability.
- Approves the use of alternatives to support encryption for the protection of confidential, personal and sensitive information stored on portable electronic storage media and portable computing devices.
- Supports the application of the principles, policies and procedures, and compliance with laws, regulations, statutes, etc. used to ensure the confidentially, integrity, and security of individual personal information.
- Creates a foundation for the development of techniques and procedures for verifying security control effectiveness.
- Promotes a dynamic catalogue of security controls for information systems and provides recommendation for minimum controls.