Contents
Background
Foreword
Preface
Introduction
1 Acceptable Internet And E-Mail Usage
1.1 Introduction
1.2 Purpose
1.3 Responsibilities
1.4 Internet Usage
1.5 E-Mail
2 Choosing Quality Passwords
2.1 Introduction
2.2 Purpose
2.3 Responsibilities
2.4 Compromise Of Passwords
2.5 General Password Rules
2.6 Password Composition Rules
2.7 Changing And Reusing Of Passwords
3 Physical Security For The ICT Infrastructure
3.1 Introduction
3.2 Purpose
3.3 Responsibilities
3.4 Working In ICT Infrastructure
4 Mobile Computing
4.1 Introduction
4.2 Purpose
4.3 Responsibilities
4.4 Use Of Mobile Computing Devices
4.5 Physical Security
4.6 Configuration Changes
4.7 Connecting Mobile Computing Devices To Unsecured Networks
5 Information Classification And Handling
5.1 Introduction
5.2 Purpose
5.3 Responsibilities
5.4 Scope Of Coverage
5.5 Information Classification
5.6 Information Handling
Glossary
References
Enquiries
Contributors
Background
The ICT Security Management Handbook is a new
handbook, updated and adapted from the Smart School
Security Management Policies and Procedures Version 1.0
published under the Smart School Pilot Project in the year
2000. The original document was first reviewed in 2001.
Users of the first and second editions of this handbook will
realise that the text has been completely revised; a major
part of the revision being the separation of the content
into two new documents, one for the School ICT
Coordinators and another for other users.
This ICT Security Management Handbook is based on the
ICT security management information contained in the
Malaysian Public Sector Management of Information &
Communications Technology Security Handbook published
by MAMPU.
Director-General of Education Malaysia
Foreword
I would like to congratulate the Handbook
Committee, coordinated by the Educational
Technology Division, for their dedication in
completing this informative handbook. Their
commitment in the preparation of this handbook is
highly commended.
This handbook is meant to give thorough and
concise guidelines on ICT Security Management. It
is hoped that the guidelines and procedures listed
are useful to all readers.
I would also like to thank all teachers involved for
their invaluable contribution to this handbook, an
important contribution to the ICT landscape of
schools.
(DATO’ DR. HJ. AHAMAD BIN SIPON)
Director-General of Education
Ministry of Education
Malaysia
Educational Technology Division
Preface
This handbook gives a brief overview on ICT
Security Management for all schools in Malaysia.
This handbook is meant to be a useful source of
reference for all schools in implementing effective
ICT security management. Although there can be no
guarantee for absolute security within an
international electronic works environment, using
the guidelines in this handbook should mitigate
many of the risks to which ICT-based systems are
exposed.
I wish to congratulate the committee and all others
involved in producing this handbook.
(DATO’ HJ. YUSOFF BIN HARUN)
Director
Educational Technology Division
Ministry of Education
Introduction
This handbook has been adapted from the Malaysian
Public Sector Management of Information &
Communications Technology Security Handbook produced
by MAMPU, and the Smart School Security Management
Policies and Procedures Version 1.0 produced by the
Smart School Pilot Project Team of the Ministry Of
Education.
The content is arranged according to topics to help users
practise security management systematically and effectively.
The content in each topic has been arranged in such a
manner that the steps listed are easy to follow and provide
comprehensive guidance to ICT security management.
Each topic in this handbook starts with an introduction and
purpose followed by guidelines which provide an overview of
ICT security management. Using these guidelines, users
should be able to practise ICT security effectively.
The ICT Security Management Handbook will help widen the
reader’s knowledge and create awareness in ICT security
management.
A glossary is included for better understanding of the
content.
1 Acceptable Internet And E-Mail Usage
1.1 Introduction
The advancement of information and communications
technology (ICT) allows information to be sent and
received rapidly. This facility has led to a rise in Internet
and electronic mail (e-mail) usage.
Electronic communication is now being used widely
as the alternative medium for sharing information.
However, uncontrolled usage of Internet and e-mail
services may expose us to various security threats.
Hence, security protection needs to be in place to
ensure confidentiality, integrity and availability of
information.
1.2 Purpose
The purpose of this section is to outline the
acceptable use of Internet and e-mail services in
schools. These rules should be put in place to
protect all residents of schools. Inappropriate use
may expose schools to risks, including virus attacks,
compromise of network systems and services, and
legal issues.
1.3 Responsibilities
All school residents who are given access to the
school ICT system are required to comply with the
rules and regulations contained in this section.
1.4 Internet Usage
1) The school electronic communication system or
ICT facilities are generally used for facilitating
and improving the administration and operations
of the school. Users should be aware that the
data they create and the system they use
remain the property of the Government of
Malaysia.
2) Web surfing should be restricted to work-related
matters or other purposes as authorised by the
School Head.
3) Users are advised to verify the integrity and
accuracy of materials downloaded from the
Internet. These materials have to be scanned to
ensure that they are free from malicious codes.
4) Materials downloaded from the Internet (e.g.
software) should be vetted to avoid infringement
of copyrights. Users should quote references of
all Internet materials used.
5) Information to be uploaded to the Internet
should be reviewed by the School ICT
Coordinator and authorised by the School
Head.
6) Only authorised officers are allowed to
participate in online public forums such as
newsgroups or bulletin boards. Users who
participate in such forums should exercise good
judgement on the information shared as they
represent the public image of the school,
Ministry of Education and the Government of
Malaysia.
7) Users are prohibited from the following:
a) Violating the rights of any person or
company protected by copyright, trade
secret, patent or other intellectual
property, or similar laws or regulations,
including, but not limited to, the
installation or distribution of pirated
software that is not appropriately licensed
for use by the school.
b) Uploading, downloading, storing or using
unlicensed software.
c) Uploading, downloading, or sending files
greater than 2Mb that may paralyse the
computer network system and pre-empt
other official activities.
d) Preparing, uploading, downloading and
storing speeches, images or other materials
that may:
i) be construed as sexual, ethnic and
racial harassment;
ii) cause chaotic situations of any form
such as rumour mongering, defamation
or instigation; and
iii) tarnish the reputation of the school,
Ministry of Education or the
Government of Malaysia.
e) Engaging in non-work related activities
(commercial, political or others) which
interfere with staff productivity and
consume more than a trivial amount of
resources such as:
i) online chatting; and
ii) downloading, storing and using entertainment
software such as those for playing
games, videos or songs.
f) Engaging in criminal activities such as
spreading of materials involving gambling,
weaponry and terrorism.
g) Misusing online public forums such as
newsgroups and bulletin boards.
8) Users are not allowed to engage in unauthorised
online activities such as hacking, sniffing,
hijacking or giving fraudulent information.
1.5 E-Mail
1) E-mail allows users to communicate with each
other in the form of electronic messages. The
usage of e-mail is getting more prevalent as it
allows more effective two-way communication.
2) All residents of a school are given e-mail
accounts for the purpose of official
correspondence. An example of an e-mail
address is name@moe.edu.my.
3) The usage of e-mail service is subject to the
rules stipulated in this section and the School
ICT Coordinator has the right to revoke such
usage if users do not comply with the rules.
4) E-mail is one of the official communication
channels within the school. As such, it has to be
composed with caution. For example, using
upper case is not encouraged as it is considered
inappropriate. Users are advised to compose
e-mail using simple, courteous and correct
language. Users should ensure that the subject
corresponds with the content of the e-mail.
5) All official correspondence has to be sent via
the official e-mail account. Users should ensure
that the recipient’s e-mail address is correctly
entered prior to sending the e-mail. The carbon
copy (cc) can be used, should there be a need
to send the e-mail to other recipients. However,
a blind carbon copy (bcc) is not encouraged.
6) Users are not allowed to send e-mail
attachments that are greater than 2Mb.
Appropriate compression utilities such as WinZip
should be used to reduce the size of the
attachment.
7) Users should refrain from opening e-mail from
unknown or suspicious senders.
8) Users should scan all attachments prior to
opening.
9) E-mail is not encrypted by default. Users are
prohibited from sending sensitive information
unless it has been first encrypted. Please refer
to Information Handling Procedure for details.
10) Users should verify the identity of users with
whom they communicate and exchange
information via e-mail. This is to protect
information from any form of misuse.
11) All official e-mail sent or received should be
archived accordingly. The user is encouraged to
archive the e-mail in other storage media, such
as diskettes, for safety reasons.
12) Unimportant e-mail that is no longer needed or
has no archival value should be deleted.
13) Users are prohibited from the following:
a) sharing e-mail accounts;
b) using fake accounts and purporting to be
valid senders;
c) using e-mail for commercial or political
purposes;
d) sending or owning materials that are
against the law or cause sexual, ethnic or
racial harassment;
e) spamming; and
f) introducing or spreading malicious codes
such as virus, worms and Trojan horses
that will disrupt the network.
2 Choosing Quality Passwords
2.1 Introduction
Passwords are one of the principal means of
validating a user’s authority to access a computer
system. Therefore, users should be aware of their
responsibilities in maintaining effective access
controls particularly regarding the use of passwords.
Given the number of passwords that one has to
keep track of, it is crucial that the passwords selected
are easy to remember and follow good security
practices. This section provides some good
password security practices that all school users are
expected to follow.
2.2 Purpose
The main purpose of this section is to ensure that the
registered school users follow the best practices in
using and selecting passwords for all application and
network systems to which they have access.
2.3 Responsibilities
All school residents who are given access to the
school ICT system should comply with the guidelines
stipulated in this section.
2.4 Compromise Of Passwords
Over time, passwords may be compromised in many
ways. The following are some examples where
passwords are compromised.
1) Users share them with friends or co-workers.
2) Written passwords are exposed to others.
3) Passwords are guessed, either by other users or
security diagnostic software.
4) The servers that store passwords are
compromised, and their passwords are accessed
by intruders.
5) Transmitted passwords are compromised and
recorded by an intruder.
6) Users are tricked into providing their passwords
to intruders via a social engineering effort.
2.5 General Password Rules
1) Passwords are to be kept strictly confidential and
are not to be shared. Do not disclose your
password to anyone at any time.
2) Do not write your password down or leave it
unsecured.
3) Do not leave a computer session unattended
unless it is locked and password-protected.
Never leave a computer idle for long periods
of time - shut it down and reboot when
necessary.
4) If you suspect that anyone has gained access to
your password, contact the School ICT
Coordinator immediately to request a
password reset.
5) After three (3) unsuccessful attempts to enter
the password, the user shall be disallowed from
using the system for a particular time period.
Intervention of the School ICT Coordinator will
be required to reset the password.
2.6 Password Composition Rules
One of the primary weaknesses of passwords is that
they may be guessed. While a user may give up after
guessing ten or a hundred possible passwords, there
is software which could easily try millions of
combinations and break the particular password.
Good password composition rules are as follows:
1) To combat password guessing attack, users are
advised to pick hard-to-guess passwords.
2) Users are required to choose their passwords
from the widest set of characters, subject to the
constraints of the possible systems where those
passwords reside.
3) Passwords should be at least eight (8)
characters long and contain alphanumeric
characters (e.g. p@S5w07D).
2.7 Changing And Reusing Of Passwords
1) All default passwords should be changed during
the first log on.
2) To limit the possibility of passwords being
compromised, a practical solution is to change
them regularly, at most every 180 days, and
preferably more frequently.
3) Users should not reuse old passwords, as they
may have already been compromised.
4) Reuse of a user’s last four passwords should be
avoided altogether.
3 Physical Security For The ICT Infrastructure
3.1 Introduction
Physical security is the first layer of defence in any
ICT security architecture. The need to physically
protect assets from real or perceived threats cannot
be overlooked or mitigated by other security
disciplines. There is no substitute for good physical
security control.
3.2 Purpose
The purpose of these guidelines is to prevent
unauthorised access, damage and interference to the
ICT Infrastructure that could result in disruption or
damage to the school information asset.
3.3 Responsibilities
All school residents who are given access to the ICT
Infrastructure are required to observe these
guidelines.
3.4 Working In ICT Infrastructure
1) All computing facilities provided by the school
are used for facilitating the daily operations and
learning activities of the school residents.
Therefore, only authorised users such as
teachers, students and staff of the school are
allowed to use these computing facilities.
Third parties (or non-school residents) who wish
to use such facilities should be authorised by the
School Head.
2) Visitors or users to the computer laboratory,
media centre and access centre should log their
names, date, time and duration of access in the
log book.
3) All students using the computer laboratory
should be accompanied by a teacher. Students
who need to use the computers in the computer
laboratory without supervision of the teacher
should obtain permission from authorised
personnel.
4) After school hours, access to the computer
laboratory must be controlled and monitored.
5) Third parties such as vendors who provide
maintenance service to the equipment should
be escorted or supervised at all times while in the
ICT infrastructure.
6) Doors and windows to the computer laboratory
should be locked when unattended.
7) No food and drinks are allowed in the ICT
infrastructure.
8) Visitors or users to the computer laboratory
should take off their shoes (if necessary) to
ensure cleanliness of the place.
9) Users should shut down the system properly to
prevent computer damage.
10) Users should log off the system to prevent
unauthorised users from accessing the
system.
11) Users should keep the ICT infrastructure clean
and tidy at all times.
12) Users are not allowed to bring out any
equipment or devices which belong to the
school. Anyone found stealing or attempting to
steal will be subject to disciplinary action.
13) Users are not allowed to relocate the equipment
(e.g. switching of monitors), repair the faulty
equipment or change the configuration of the
system without authorisation by the School ICT
Coordinator or authorised school personnel.
14) Users should report to the School ICT
Coordinator or assigned school personnel when
they notice security incidents or potential
security incidents. These include incidents such
as break-ins, thefts, and hardware and software
failures.
15) Users should prevent computer overheating by
not covering the computer monitor vents.
16) All facilities such as air conditioners and lights
should be properly used. Users are required to
switch on these facilities when using the
computer laboratory. Similarly, these facilities
should be switched off after use.
4 Mobile Computing
4.1 Introduction
Technological advancement has made mobile
computing devices available to a wide audience and
these devices are increasingly used for easy access. The
prevalence of mobile computing devices has opened
up various security risks that could compromise the
confidentiality, integrity and availability of
information. The very nature of mobile computing
devices means that they are at a greater risk of theft
than their less portable counterparts. The latter are
normally located in secure premises with good
physical security, whereas mobile computing devices
normally reside outside an organisation’s physical
security perimeter. This section aims to establish a
procedural guidance to be observed by users of
mobile computing devices.
4.2 Purpose
This section is established to ensure information and
physical security when using mobile computing
devices.
4.3 Responsibilities
All school residents who use mobile computing
devices for processing school information are required
to adhere to the guidelines outlined in this section.
4.4 Use Of Mobile Computing Devices
1) The use of personal mobile computing devices
such as laptops, tablet PCs, palmtops and smart
phones for processing school information is
prohibited unless they have been first authorised
by the school administrator and configured with
necessary security controls such as anti-
malicious software or personal firewall under the
guidance of the School ICT Coordinator.
2) Third party mobile computing devices (owned by
contractors or vendors) should not be connected
to the school network or granted access without
first being authorised by the school
administrator and configured with necessary
security controls under the guidance of the
School ICT Coordinator. This is to prevent virus
infection of the school network.
3) All Ministry of Education owned mobile
computing devices should be installed with
necessary security controls such as anti-
malicious software before they are released to
the users. Such devices should be automatically
configured to receive security updates from the
server.
4) Use of mobile computing devices is subject to
Acceptable Internet and E-mail Usage.
4.5 Physical Security
1) Mobile computing devices should be physically
protected against thefts especially when left in
cars and other forms of transport, hotel rooms,
conference centres and meeting places.
2) Mobile computing devices carrying important,
sensitive or confidential information should not
be left unattended and where possible, should be
physically locked.
3) It is important that when such devices are used
in public places, care should be taken to avoid
the risk of accidental disclosure of information to
unauthorised persons.
4) Mobile users should report to the School ICT
Coordinator or school administrator immediately
for any damage and loss of Ministry of Education
assets.
5) The movement of all mobile computing devices
owned by the Ministry of Education should be
recorded.
4.6 Configuration Changes
1) Users should not change the configuration or
system settings of mobile computing devices
supplied by the Ministry of Education except for
official and authorised purposes such as
configuring the network settings (IP address,
DNS address, etc.) based on the existing
network environment.
2) Mobile computing devices supplied by the
Ministry of Education should not be altered in
any way (e.g. processor upgrade, memory
expansion or extra circuit boards). If any
changes in software or hardware are required,
the users should seek authorisation from the
School ICT Coordinator. Only the School ICT
Coordinator is allowed to make such changes.
4.7 Connecting Mobile Computing Devices To
Unsecured Networks
1) The school network is a protected environment
within which mobile computing devices are
well protected against infection by malicious
software and receive regular deployment of security
updates. Networks outside the perimeter of the
school, whether through a wireless local area
network at an airport or a broadband Internet
connection at home, are considered unsecured
networks. In this sort of environment, the
device is connected directly to the Internet with
none of the protections like firewalls in place.
This exposes the device to a great range of
threats, including direct attacks from entities on
the Internet, whether they be users or
malicious codes.
2) Users should refrain from connecting to
unsecured networks as this may expose
sensitive information to unauthorised parties.
3) If such connection is deemed necessary, users
may consider encrypting sensitive information to
prevent unauthorised disclosure. Data encryption
offers the best protection against the
dissemination of sensitive information from lost
or stolen devices. Information protected by
strong, well implemented, encryption techniques
can be rendered useless to a thief.
5 Information Classification And Handling
5.1 Introduction
Information must be handled accordingly to ensure
the confidentiality, integrity and availability of the
information is not compromised. Information
classification and handling activities are performed to
safeguard national secrets. Often classified
information is kept (or should be kept) segregated
from each other. The possible impact on schools and
the Ministry of Education of disclosure or alteration of
information varies with the type of information.
Hence, the effort and cost warranted for protection
against these risks varies accordingly. Some basis is
therefore required to determine which security
measures are applicable to different types of
information.
5.2 Purpose
The main purpose of this section is to provide
guidelines for the classification of information and the
appropriate set of procedures for information handling
in accordance with the classification scheme defined.
5.3 Responsibilities
All school residents who are given access to
classified information are required to comply with
this section.
5.4 Scope Of Coverage
All school information is bound by this section
irrespective of:
1) the way information is represented (written,
spoken, electronic or other forms);
2) the technology used to handle the information
(e.g. file cabinets, fax machines, computers and
local area networks);
3) the location of information (e.g. in the office,
computer lab or server room); and
4) the lifecycle of information (e.g. origin, entry
into a system, processing, dissemination,
storage and disposal).
5.5 Information Classification
According to the government’s Arahan
Keselamatan, information is classified into five
levels:
1) Public: Official documents/information available
for public knowledge, viewing or usage.
2) Restricted: Official documents/information
excluding those classified as Top Secret, Secret
or Confidential but required to be provided with
a security measure level. Refer to Table 1:
Information Handling.
3) Confidential: Official documents/information
if exposed without authorisation, even
though it does not endanger national security
- could have an impact on national interest
or dignity, the activity of the government or
the individual; would cause embarrassment
or difficulty to the current administration;
and would benefit foreign authorities.
4) Secret: Official documents/information if
exposed without authorisation would endanger
national security, cause substantial loss/damage
to the national interest or dignity; and would
provide substantial benefit to foreign
authorities.
5) Top Secret: Official documents/information if
exposed without authorisation would cause
extreme loss/damage to the nation.
5.6 Information Handling
1) The asset owner should determine the
classification of information.
2) The handling of the information in any form
depends on the classification of the information
defined by the asset owner.
3) Sufficient security measures for classified
information are required to protect the
confidentiality, integrity and availability of the
information.
4) The existing or planned operating procedures
should consider all users who are allowed to
view classified information.
5) Users should have knowledge of those who
may endanger the security of classified
information and must abide by the guidelines
or procedures to prevent those people from
viewing it.
6) Adequate authorisation and access control
should be implemented:
a) to prevent unauthorised people from
viewing classified information;
b) as classified information would depend on
the level of classification;
c) so that the School ICT Coordinator and
information owner can determine the
access rights of users who have access to
classified information.
7) The following provides the information handling
guide for each lifecycle of the information,
starting from its creation until destruction.
Table 1: Information Handling

Classification columns: Top Secret, Secret, Confidential, Restricted, Public

Labelling

  Electronic Media Labelling
    Top Secret, Secret, Confidential, Restricted:
      1) Labelled as ‘Top Secret’ or ‘Secret’ or ‘Confidential’ or
         ‘Restricted’.
    Public: Not required

  Hardcopy Labelling
    Top Secret, Secret, Confidential, Restricted:
      1) Labelled as ‘Top Secret’ or ‘Secret’ or ‘Confidential’ or
         ‘Restricted’ on the front and back covers, and every page of the
         document. See Arahan Keselamatan – Clause 48-52.
      2) Labelled with a reminder. See Arahan Keselamatan – Clause 53.
    Public: Not required

  Reference
    Top Secret, Secret, Confidential, Restricted:
      The owners of the respective information should work together with
      the school’s administrative personnel to define the reference number
      for each document produced.
    Public: Not required

Storage

  Storage on Fixed Media
    Top Secret, Secret, Confidential, Restricted:
      Encrypted where applicable or other compensating controls such as
      access controls, password management and other network controls.
    Public: Not required

  Storage on Exchangeable Media
    Top Secret, Secret, Confidential, Restricted:
      Encrypted where applicable or other compensating controls such as
      access controls, password management and other network controls.
    Public: Not required

Loss of Documents/Information

  Reporting of loss
    Top Secret, Secret, Confidential, Restricted:
      1) Loss of documents/information should be reported immediately
         to the school administrator within 24 hours.
      2) An investigation should be warranted to estimate the impact of
         such losses. If necessary, a report to external parties such as
         the police should be made.
      3) See Arahan Keselamatan – Clause 75–76.
    Public: Not required
GLOSSARY
Alphanumeric Consist of the union of the set of alphabetic
characters characters and the set of numeric
characters.
Availability This is the effect on the system and/or
the organisation that would result from
deliberate or accidental denial of the
asset’s use. If a mission-critical system is
unavailable to its end users, the
organisation’s mission may be affected.
Loss of system functionality and
operational effectiveness, for example,
may result in loss of productive time, thus
impeding the end users’ performance of
their functions in supporting the
organisation’s mission.
Broadband A type of data transmission in which a
single medium (wire) can carry several
channels at once.
Confidentiality This is the effect on the system and/or
the organisation that would result from
the deliberate, unauthorised or
inadvertent disclosure of the asset. The
effect of unauthorised disclosure of
confidential information can result in loss
of public confidence, embarrassment, or
legal action against the organisation.
E-mail Short for electronic mail, one or many, the
transmission of messages over
communication networks.
Encryption The translation of data into a secret text
of gibberish that is not readable to
unauthorised parties.
36. Glossary
28
Exchangeable media: Material used to store data that can be taken out of a machine. Examples include floppy disc, magnetic tape and compact disc.
Firewall: A system designed to prevent unauthorised access to or from a private network.
Fixed media: Mass storage in which the material that holds data is a permanent part of the device. Examples include hard drive.
Information owner: Individual/Division/Department/Unit who/whom is referred to as the proprietor of an asset.
Integrity: This is the effect on the system and/or the organisation that would result from the deliberate, unauthorised or inadvertent disclosure of the asset. The effect of unauthorised disclosure of confidential information can result in loss of public confidence, embarrassment, or legal action against the organisation.
Internet: A global network connecting millions of computers.
Local Area Network: A network of computers confined within a small area such as an office building or school.
Malicious code: A programme or piece of code that is loaded onto the computer without the owner’s knowledge and runs against the owner’s wishes. Examples include virus, worm and Trojan horse.
Malicious software: A programme or piece of code that is loaded onto the computer without the owner’s knowledge and runs against the owner’s wishes. Examples include virus, worm and Trojan horse.
Mobile Computing: Portable-computing devices that can connect by cable, telephone wire, wireless transmission, or via any Internet connection to any network infrastructure and/or data systems. Examples of mobile computing devices include notebooks, palmtops, laptops and mobile phones.
Password: One of the means of user authentication. Password contains a series of characters entered by the users to gain access to the system.
School ICT Coordinator: A person who is appointed by the school to be in charge of management and coordination of the school ICT infrastructure.
Secure delete: Assure the total wipe out of magnetically recorded information.
Social Engineering: In the field of computer security, social engineering is the practice of obtaining confidential information by manipulation of legitimate users.
Spam: Electronic junk mail or more generally referred to as unsolicited e-mail.
Trojan horse: A Trojan Horse portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
Users: Residents of schools who are using the ICT facilities provided. For example, teachers, students, clerks, administrators and others.
Virus: A virus is a program or code that replicates itself onto other files with which it comes in contact; that is, a virus can infect another programme, boot sector, partition sector, or a document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though many can do damage to a computer system or a user’s data as well.
Wireless: A method of communication that uses radio waves to transmit data between devices.
Worm: A worm is a programme that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of system vulnerability or by clicking on an infected e-mail.
References
1) Malaysian Public Sector Management of Information & Communications Technology Security Handbook (MyMIS).
2) Pekeliling Kemajuan Pentadbiran Awam Bilangan 1 Tahun 2003 - Garis Panduan Mengenai Tatacara Penggunaan Internet Dan Mel Elektronik Di Agensi-agensi Kerajaan.
3) Buku Arahan Keselamatan.
4) Prosedur dan Dasar Pengurusan Keselamatan Sekolah Bestari Versi 2.0.
Enquiries
Enquiries about this document should be directed to:
Director
Educational Technology Division
Ministry Of Education
Pesiaran Bukit Kiara
50604 Kuala Lumpur
(Attn : Infrastructure and Repository Sector)
Tel.: 03-2098 7768/6245
Fax: 03-2098 6242
E-mail: sir@moe.edu.my
CONTRIBUTORS
ADVISOR
Dato’ Haji Yusoff bin Harun - Director, Educational Technology Division
EDITORIAL BOARD
Khalidah binti Othman - Educational Technology Division
Chan Foong Mae - Educational Technology Division
Anthony Gerard Foley - Educational Technology Division
Haji Mohd Azman bin Ismail - Educational Technology Division
Mohd Arifen bin Naim - Educational Technology Division
Yap Ley Har - Educational Technology Division
Junainiwati binti Mohd Deris - Educational Technology Division
Roimah binti Dollah - Educational Technology Division
Nik Fajariah binti Nik Mustaffa - Educational Technology Division
Rozina binti Ramli - SMK Aminuddin Baki, Kuala Lumpur
Nirmal Kaur - SMK Victoria, Kuala Lumpur
Mohd Hisham bin Abdul Wahab - SMK(L) Methodist, Kuala Lumpur
Ab. Aziz bin Mamat - Sekolah Seri Puteri, Selangor
Abd Aziz bin Mohd Hassan - SMK USJ 8, Selangor
Widiana binti Ahmad Fazil - SMK Pandan Jaya, Selangor
Rogayah binti Harun - Kolej Tunku Kurshiah, Negeri Sembilan
Mohd Zali bin Zakri - SM Sains Tuanku Jaafar, Negeri Sembilan
Jaya Lakshmi a/p Mutusamy - SMK(A) Persekutuan Labu, Negeri Sembilan
Azmi bin Abdul Latiff - SMK(A) Persekutuan Labu, Negeri Sembilan
Haji Zulkiflee bin A. Rahman - SM Teknik Muar, Johor
Daud bin Yusof - SMK Buluh Kasap, Johor