ESTABLISHMENT AND QCERT COORDINATION
1. The State Government has formed the CERT team which is known as Quality Computer Emergency Response Team (QCERT). QCERT gives first level support in tackling ICT incident which occurred in State Government agencies, before they are reported to the Central Government Level.
2. QCERT is fully owned by the Sarawak State Government, where this team is lead by ICT Unit, Chief Minister’s Department.
ICT SECURITY INCIDENT
3. Security incident means disaster (adverse event) which occurred on the information system and communication (ICT) or possibility threat happened in that incident. It may be an act which violates the ICT's safety policy either that is fixed explicitly or implied.
4. Types of Incidents that can be ensured are as follows:
PRIORITY LEVEL ACTION ON INCIDENT
5. Action on incident which occurred must be done based on the severity of the incident. Priority level action on incident would be determined as follows:
6. QCERT team 's structure are shown in Model 1 proposed below:
7. QCERT membership are proposed as follows:
HEAD DEPARTMENT RESPONSIBILITY
8. Head Department should play an important role to ensure agencies comply with the instructions on incident management in their agencies under respective control. Head Department must also ensure that the department and agency under their control, increase compliance on act requirement, directive, rules and procedure related to ICT security.
9. It is responsible in overcoming all ICT security incidents reports which involves public sector in the Sarawak State. On the whole, the QCERT task were as follows:
(a) Receive and take action on reported security incident;
(b) Disseminate information to help strengthening ICT security 's in public sector from time to time;
(c) Provide advisory services to agencies in detecting, identifying and handling security incidents; and
(d) Report incident to the Central Government, Government Computer Emergency Response Team (GCERT), MAMPU.
10. Action on reported incident can be made based upon severity of the incident. On the whole its priority would be determined as follows:
Activities which probably threaten life or security of State and country.
a. Invasion or attempt to trespas internet infrastructure on:
i. Domain Name Server (DNS)
ii. Network Access Points (NAPs)
iii. Pusat-pusat pangkalan data utama
b. Obstacle in Granting extensive service (Distributed Denial of Service)
c. Attack or latest danger exposure (new vulnerabilities); or
d. Other types of incidents such as:
i. Invasion through identity forgery
ii. Website modification, software, or any component in a system without knowledge, directive or agreement from other
iv. System interruption on data processing or unauthorized data storage.
INCIDENT REPORT PROCESS FOR STATE LEVEL
11. Incident report can be made by the agency’s ICT Security Officer(ICTSO) by on-line at QCERT portal through the Sarawak Civil Service Portal (www.sarawaknet.gov.my). QCERT Portal is listed under "EG Application" as shown in the screencapture below:
12. QCERT can also be contacted through:
555999 (seluruh Negeri)
082-555999 (seluruh Negeri)
555888 (seluruh Negeri)
To be informed that the QCERT line number is the same as Talikhidmat number.