POLICY STATEMENT
Safety is defined as a state that is free from unacceptable threats and risks. Security maintenance is a continuous process that involves periodic activities that must be carried out from time to time to ensure safety because threats and vulnerabilities are constantly changing.
ICT security refers to a state in which all activities involving the provision and supply of ICT-based services run continuously without any interruptions that could jeopardize security. ICT security is closely related to the protection of ICT assets. There are four (4) basic components of ICT security, which are:
(a) Protecting classified and official government information from unauthorized access.
(b) Ensuring that every information is accurate and complete.
(c) Ensuring the availability of information when needed by users.
(d) Ensuring access is granted only to authorized users or receiving information from legitimate sources.
The LKTN ICT Security Policy encompasses the protection of all forms of electronic information intended to ensure the security of the information and availability to all authorized users. The main characteristics of information security are as follows:
(a) Confidentiality – Information must not be disclosed arbitrarily or left accessible without authorization.
(b) Integrity – Data and information must be accurate, complete, and up-to-date. They can only be changed in an authorized manner.
(c) Non-repudiation – The source of data and information must be from a legitimate source and cannot be repudiated.
(d) Authenticity – Data and information must be guaranteed for their authenticity; and.
(e) Availability – Data and information must be accessible at all times.
In addition, measures towards ensuring ICT security must be based on a suitable assessment of the current changes to the inherent weaknesses of ICT assets; the existing threats resulting from these weaknesses; the possible risks that may arise; and appropriate preventive measures that can be taken to address the relevant risks.