15 March 2023, Serdang - Centre for Quality Assurance has organized a Risk Assessment Workshop, Information Security Management System (ISMS) Year 2023 at the Seminar Hall, Faculty of Engineering, UPM and also through the Google Meet Application with the UPMKB. This workshop held on 15 to 16 March 2023 is one of the annual activities in the Information Security Management System implementation calendar at UPM.

A total of 39 participants attended this workshop involving members of the ISMS Team consisting of the Serdang Campus Undergraduate New Student Registration Team, the Bintulu Campus New Undergraduate Student Registration Team, the Data Center Team, the Undergraduate Teaching Evaluation Team at the Faculty and the Graduate New Student Registration Team.

This workshop aims to review the ISMS risk assessment that has been carried out in March 2022 and further provide a risk assessment report along with a risk recovery plan as a result of the latest assessment of ICT asset risks that impact the implementation of ISMS so that the most effective approach and decision can be prepared based on the Methodology The Malaysian Public Sector Information Security Risk Assessment System (MyRAM). MyRAM is updated when there is a change or addition of ICT assets for the scope of the ISMS involved. Assets will be assessed as either Low, Medium or High based on the main principles of information security which are Confidentiality, Integrity and Availability.

Determining the level of risk provides the organization with the information needed to select appropriate safeguards and control measures to reduce the risk to an acceptable level. The output of the risk assessment process is the input for the decision-making process that determines whether to accept, reduce, transfer or avoid the risks that have been identified. This will be done in the Selection of Controls and shown in the Risk Treatment Plan (RTP) (Risk Recovery Plan).