Strengthening Information Security in Universiti Malaya
The Internal Audit Section (SKAD) plays a pivotal role in ensuring the effectiveness of Universiti Malaya’s (UM) information security measures. As the guardian of compliance and assurance, SKAD undertakes rigorous audit activities to uphold the institution’s adherence to established standards and best practices. These efforts encompass information security assurance, compliance assessments, and risk evaluations that are vital to UM’s operational integrity and stakeholder trust.
In today’s rapidly evolving landscape, organizations face numerous challenges arising from digital transformation, the adoption of emerging technologies, and ever-changing regulatory complexities. Universiti Malaya (UM) recognizes the critical need to stay ahead of these challenges by implementing robust information security measures to safeguard its operations and protect stakeholder interests. UM’s adoption of the ISO/IEC 27001 Information Security Management System (ISMS) represents its strategic approach to managing information security risks effectively. To address these needs, UM has embraced the ISO/IEC 27001 framework, transitioning from the 2013 version to the 2022 version of the standard, reflecting its commitment to continuous improvement and adaptation.
By implementing ISMS, UM strengthens the protection of its information and ICT assets, guided by the core principles of Confidentiality, Integrity, and Availability. This structured approach not only enhances UM’s resilience against threats but also instills confidence among stakeholders that risks are managed appropriately and effectively.
Guided by frameworks such as COBIT 2019 and the Global Technology Audit Guide (GTAG) by the Institute of Internal Auditors (IIA), SKAD delivers IT audits with a comprehensive perspective. This approach enables SKAD to assess UM’s systems against a broad array of criteria, ensuring risks are not only identified but also effectively mitigated.
To further strengthen its audits, SKAD leverages advanced Computerized Audit Tools & Techniques (CAATs), with ACL Analytics as a cornerstone of its data analysis strategy. These tools empower auditors to uncover trends and potential risks, offering actionable insights that enhance UM’s overall security posture. Through continuous training, SKAD ensures its team remains proficient in using these technologies, fostering a culture of innovation and excellence.
SKAD is dedicated to maintaining a team of highly skilled professionals equipped with the knowledge and expertise required to conduct thorough audits. Auditors consistently enhance their competencies through professional development opportunities, including specialized courses, workshops, seminars, and collaborations with other universities and professional bodies. This continuous learning culture ensures that SKAD remains at the forefront of information security auditing practices.
💻 System Audits: Analyzing information systems for operational effectiveness.
📊 Data Analytics: Leveraging data insights to support decision-making.
🔒 Security Audits: Ensuring data protection and system resilience.
✅ Compliance Checks: Aligning processes with regulatory requirements.
SKAD’s proactive approach to auditing and data analysis supports the university’s strategic goals, enhances operational efficiency, and ensures robust compliance with internal and external regulations, fostering a secure and data-driven environment for all stakeholders.
Last Update: 04/12/2024