Information Security Management System (ISMS) Risk Assessment Workshop In 2023 | CENTRE FOR QUALITY ASSURANCE (CQA)
» NEWS » Information Security Management System (ISMS) Risk Assessment Workshop In 2023

Information Security Management System (ISMS) Risk Assessment Workshop In 2023



15 March 2023, Serdang - Centre for Quality Assurance has organized a Risk Assessment Workshop, Information Security Management System (ISMS) Year 2023 at the Seminar Hall, Faculty of Engineering, UPM and also through the Google Meet Application with the UPMKB. This workshop held on 15 to 16 March 2023 is one of the annual activities in the Information Security Management System implementation calendar at UPM.

A total of 39 participants attended this workshop involving members of the ISMS Team consisting of the Serdang Campus Undergraduate New Student Registration Team, the Bintulu Campus New Undergraduate Student Registration Team, the Data Center Team, the Undergraduate Teaching Evaluation Team at the Faculty and the Graduate New Student Registration Team.


This workshop aims to review the ISMS risk assessment that has been carried out in March 2022 and further provide a risk assessment report along with a risk recovery plan as a result of the latest assessment of ICT asset risks that impact the implementation of ISMS so that the most effective approach and decision can be prepared based on the Methodology The Malaysian Public Sector Information Security Risk Assessment System (MyRAM). MyRAM is updated when there is a change or addition of ICT assets for the scope of the ISMS involved. Assets will be assessed as either Low, Medium or High based on the main principles of information security which are Confidentiality, Integrity and Availability.


Determining the level of risk provides the organization with the information needed to select appropriate safeguards and control measures to reduce the risk to an acceptable level. The output of the risk assessment process is the input for the decision-making process that determines whether to accept, reduce, transfer or avoid the risks that have been identified. This will be done in the Selection of Controls and shown in the Risk Treatment Plan (RTP) (Risk Recovery Plan).

Date of Input: 29/03/2023 | Updated: 29/03/2023 | aidawati


Universiti Putra Malaysia
43400 UPM Serdang
Selangor Darul Ehsan
03-9769 1508
03-9769 1489