Institution awareness and Training

The institution shall ensure that executives, senior management, managers, systems administrators, and users of institutional systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.

The institution shall ensure personnel are trained to carry out their assigned cybersecurity-related duties and responsibilities. It is advised to Provide ongoing security awareness and training programs for government staff to educate them about security best practices as well as data protection law for the safety of personal data mostly on technical and institutional measures required for the compliance.

Objectives

Benefits

Scope

Network design

Network Implementation

Network Management

User devices

Precaution measures

Stolen computers

User responsibilities

Hardware acquisition, maintenance

Hardware disposal

Software applications

Data

Business Continuity (BC) and Disaster Recovery (DR)

User collaboration and email service

Password Policy

Email Accounts

System access and authorization

Security Policy and Procedures

Minimizing the exposure of systems to External Networks

Access Control

Implement network segmentation

Institution awareness and Training

Audit and Accountability

Configuration Management

Identity Management and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Risk Assessment

System and Communications Protection

System and Information Integrity

Personally identifiable information (PII) Processing and Transparency

Contingency Planning

Supply Chain Risk Management

Passwords Protection

Assessment of the current situationge

Definition of the strategic target position

Definition of gaps

Establishing a roadmap to close the gaps.

Roles and responsibilities

Resources and Impact

Digitalization project initiation

Digitalization project documentation

Digitalization project implementation

Digitalization staff

Digitalization talent and capacity building

Challenge Definition

Ideation Stage

Prototyping

Testing Stage

Implementation

Institution awareness and Training