Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
AT
1128541
COMMUNICATION ENGINEERING
2015
VERIFICATION STATEMENT
……………………….
( )
i
ACKNOWLEDGEMENT
Engineering Internship Training (EIT) is a coursework entitled to every engineering
student in IIUM. Each student is given opportunity to choose their own preferable company
to undergo the EIT. I am grateful that I was granted a golden opportunity to complete my
EIT in the biggest telecommunication company in Malaysia which is Telekom Malaysia
Berhad.
First and foremost, I would like to express my gratitude to Allah S.W.T for giving
me the strength to complete my internship in three months without facing a lot of
difficulties. In addition, I would also like to thank my supervisor, Puan Nuremi bt Abdul
Halim for her undivided attention and help through my training. During my three months
of internship, she always helped me and gave a lot of beneficial lesson in the working field
to me. Besides that, I would like to thanks fellow executives in Information Security and
Business Continuity Management (ISBCM) unit for their help and experience sharing in
working with me. It would not be easy for me to endure this three months of office works
without them.
Here, I would also like to thank Dr. Ahmad Zamani bin Jusoh, who kindly spent
his time to visit me at the company and who will also be the assessor of my Engineering
Industrial Report (EIT) final report. I was really grateful to him for his warm and
comfortable attention during the visit. He was also very kind and friendly towards me and
my supervisor. After the visit, my supervisor got a different perspective towards the
lecturer and respected them more. On top of that, I would like to thank my parents and
friends who always supported me during this period. Last but not least, I would like to
express our gratitude to Kuliyyah of Engineering for giving me a golden opportunity to
gain experience in such a great company.
ii
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION 1
iii
3.1.3 Information Security Info graphic Poster 18
3.1.4 NOC BCM & IS Awareness Seminar 22
3.1.5 TM Statement of Applicability; Gap Analysis 26
3.1.6 TM Change Management System 31
3.1.7 TM Dashboard 32
3.1.8 ISMS Readiness Dashboard 35
3.1.9 Request For Change Dashboard 38
3.1.10 OLA Dashboard 39
3.2 Problem Encountered and Problem Solving Process 41
3.2.1 Lack of Knowledge on Access Database 41
3.2.2 Limited Creativity on Design 41
CHAPTER 4 CONCLUSION 42
CHAPTER 5 REFERENCES 43
APENDICES 44
iv
LIST OF FIGURES
Figure 1 TM Logo 2
Figure 2 Managers of ISBCM Unit 5
Figure 3 Executives of Information Security Team 5
Figure 4 Data Analysis Report 17
Figure 5 Sample of Info Graphics by TM 18
Figure 6 Awareness Seminar Poster 22
Figure 7 GUI for the SoA Application 29
Figure 8 Input has been added into the Combo box 29
Figure 9 Radar Chart as a Result of the Calculation of Gap Analysis 30
Figure 10 TM CMS 32
Figure 11 Main Menu of CMS 32
Figure 12 GUI for TM Dashboard Creator 33
Figure 13 Input is added using Control 34
Figure 14 Created Dashboard 34
Figure 15 Created Report 35
Figure 16 GUI for ISMS Dashboard Creator 36
Figure 17 Created Dashboard 36
Figure 18 Details of Dashboard 37
Figure 19 GUI Control for RFC Dashboard 38
Figure 20 Dashboard for Successful RFC 38
Figure 21 Dashboard of detailed RFC for every NM 39
Figure 22 GUI Control for OLA Dashboard 39
Figure 23 Dashboard for Overall OLA 40
Figure 24 Dashboard of detailed OLA for every NM 40
v
CHAPTER 1
INTRODUCTION
1.1 Background of the Company
On the 14 April 2005, TMB has undergone rebranding which was officiated by Dato
'Seri Abdullah Haji Ahmad Badawi, Prime Minister of Malaysia at that time. It was a
platform to inject a new enthusiasm and passion to the overall image of the company and
to approach customer service culture which is more fresh and energetic. Prime Minister of
Malaysia willingness to officially launch the new brand identity showed the support of the
Government towards TM in the company’s quest to bring real and new change to TM.
1
Figure 25 TM Logo
The new identity is the visual identity of the second change of the Company since 1990
when it became a public listed entity, and it was already 15 years since the last time the
brand change. This rebranding process is an essential step forward towards the
transformation initiatives that strengthen and supported TM business development strategy
which was unveiled recently. Furthermore, this rebranding will help TM handle rapid
changes in markets and technology.
The first identity change occurred in the year of 1987 when the Company was shifted
from a government entity to a corporatized body, known as STM or Telekom Malaysia.
This was followed by another change of name and identity to Telekom Malaysia Berhad
as the Company is listed on the Main Board of Bursa Malaysia on 7th November 1990. All
these occurrence of transformation involved changes in the name and logo of the company.
The efforts of changing the brand, possessed a deeper focus. The reasons of the
transformation were very enticing. The first reason was the year of 2005 marked the 15th
anniversary of the TM was enlisted entity on Bursa Malaysia, so this rebranding was hoped
to inject a fresh approach to the brand and to bring a reformation to the overall company
brand identity. Secondly, the fresh approach was taken by the company to strengthen the
efforts in the previous changes. Thirdly, the re-branding efforts will help to render the
brand from being identified as the only local brand and placed them back in line with other
well-known international telecommunications companies competing in this region.
Transformation of the rebranding included changes to the provision of TM perception. This
modification represents more than just the mere outward change the logo and name change,
but the main thrust of this transformation is to plant a customer service oriented culture
among members and will be strengthened by improving the quality of services rendered.
2
In order to realize the transformation, TM is focusing on providing an intensive training
for all members of the “front-line” staff. This was meant to equip them with the necessary
customer service skills so that they can provide a good quality of services in a professional
and consistent manner for all customers touch points. In addition, TM is rolling out a CRM
IT infrastructure that will improve the systems and processes to ensure that all of the 'liner'
ready to deal with inquiries from customers. These changes are aimed to show the new
identity TM as an emphatic, bold, enthusiastic and energetic.
Telekom Malaysia Berhad (TM) possessed its own values to serve as the track as
well as the natural guide to achieve its corporate mission and vision. These values will help
to mold Telekom Malaysia Berhad (TM) in the quest of becoming a world-class
telecommunications company.
3
1.3.1 Total Commitment to Customer
Telekom Malaysia Berhad (TM) is committed to the truth and honesty in all actions.
Therefore, Telekom Malaysia Berhad (TM) is entitled to be honest, dedicated and
committed to the organization's aspirations TM and always fair in their dealings with
customers, suppliers and colleagues.
Teamwork and mutual respect for each other is the practice in the organization
Telekom Malaysia Berhad (TM). Telekom Malaysia Berhad (TM) continues to seek a
harmonious environment and is conscious to the cooperation, kindness, language, mutual
understanding, have an open mind and always appreciate the opinions and feelings of
others is a culture employees of Telekom Malaysia Berhad (TM).
In TM, there are various divisions and units to ensure a better management of the
company. ISBCM section is located under Data Network Management (DNM) division
under department of Information Technology and Network Technology (IT&NT) Telekom
Malaysia Berhad.
4
1.4.1 Organizational Chart
5
1.4.2 Jobs and Functions
Coordinator for Security Initiatives in their respective Division.
Subject matter expert in developing and maintaining Security Initiatives and
activities.
Advises on issues of security and risk reduction in their respective division.
Plan and implement the security training and awareness in respective division.
Responsible for setting-up security policies, evaluating new threats and reducing
risk of intrusion, loss of data integrity and compliance violations.
Suggests and evaluates resources for approaching security concerns, and generates
initiatives to propose major projects that will improve NOC security.
6
CHAPTER 2
SUMMARY OF DUTIES
During the internship, all students are required to write a summary on their daily
activities in terms of brief description of practical training exercise done, details of the
project participated and the types of skills obtained. Here is a summary of weekly activities
done during my internship in TM.
On the first day of internship, I was ordered to report duty to the Information
Security and Business Continuity Management (ISBCM) unit, IT and Network Technology
– Division Data Network Management (DNM) at TM IT Complex, Cyberjaya. I was put
under the supervision of Puan Nuremi bt Abdul Halim, the manager of Information
Security (Compliance & Governance), ISBCM unit. There are another two executives
working under Puan Nuremi as her assistants, En. Muhammad Shazarizul Harizzat Mohd
Samsuri and Puan Najihah Mat Noh. Firstly, I have been introduced to the company’s
organization chart. I have been briefed about the Information Security Management System
(ISMS) which is currently being applied and developed in the TM Company. Besides that,
I have been given task to summarize a network data analysis report. The task was quite
simple involving the usage of Microsoft Excel and Adobe PDF. I have also attended two
meetings with the unit members. During the meeting, besides getting my job scope, I got a
lot more of information about the attempt to breach TM security and few applicable action
and solution to counter it, briefed by another unit member, En Amir. The members were
also discussing about their job description and activity list as they needed to send a half
year report to the upper management. The first week was finally ended with a ‘gotong-
royong’ with fellow officers in the right wing of level 2, TM IT complex as we were going
to enter the month of Ramadan on the following week. Last but not least, on the Friday
evening, I have been to another meeting conducted in the next building, TM NOC
discussing about the aftermath of the recent earthquake in Sabah which involved a few
TM’s assets there.
7
2.2 Week 2(15th June – 19th June)
I have learned a lot more about the ISMS, which has 14 domain in its Standard. I
was also assigned to do a quick research on ‘safer online shopping’ for info graphic poster
in information security programs, initiatives and engagements. The poster was created to
raise awareness on safety of online shopping. On Wednesday, I attended a seminar on
‘Network Operation Centre (NOC) Business Continuity Management (BCM) and
Information Security (IS) Awareness’ at Telekom Malaysia Convention Centre (TMCC)
in Kuala Lumpur. I have learned a lot of thing regarding my unit during the seminar.
During the fourth week, I have managed to create and finalize the ISMS Statement
of Applicability system. The GUI for the system is also touched up to make it more
attractive and easy to use. Besides that, the info graphic poster assignment that was given
during the 2nd week had also been done and finalized. Lastly, I was introduced to the change
management system in TM. I have learnt quite a few things on the order to ‘request for
change (RFC)’ for the company. I was assigned to analyze the RFC under 4 topic which
are status, category, impact and DN/NOC.
8
2.5 Week 5(6th July – 10th July)
In week 5, I have been assigned to make an analysis to the RFC report. This time,
I have learned a lot of tricks and options that can be used in Microsoft Excel. I learnt how
to create pivot table based on data and the usage of filter option. For the 2nd assignment, I
was introduced to TM Dashboard which is used to show the progress for ISMS. There are
5 steps of progress shown; review, amendment, verification, endorsement and awareness.
At first, I was assigned to design a better dashboard which is ought to be more attractive.
Then, I was asked to create an application, which will automate the progress bar for the
dashboard. As usual, I started my visual community application and learnt more on
progress bar functionality in visual basic programming. Last but not least, I got to analyze
the attendance data for members in the ISBCM unit. There are basically 4 main concerns
in the attendance which are working days, leave including annual, emergency and medical,
late in or out, and missing in action.
During week 6, I have completed the 2nd assignment which was to create the
dashboard. I have also done a few summarization for the EIT report and slides. Since
EidulFitri is on Friday, I have applied for 2 days off on Wednesday and Thursday.
Another week passed with only two days of attendance since I took another three
days off this week. After a long holiday, I was excited to test the compatibility of my
programs to be used as a published application. I have got it tested on few different version
of PC and find quite a few problem, mostly caused by font used which is not compatible
globally. After a few changes, the applications can run smoothly.
During the eighth week, I have already been preparing for the slides and report
since the lecturer from IIUM was going to visit soon. I have compiled all the projects that
have been done so far. Besides that, I started to do a deep research on TM Company. I
learnt the company’s background, its vision and mission, and core values. The study was
9
included in the EIT report. I have done 60% of the EIT report including Introduction,
Summaries of Duties and Working Experiences.
On Tuesday, all unit member of the ISBCM unit had a mini gathering for Hari Raya
celebration at Taman Tasik Perdana Kuala Lumpur. Back to work, I was assigned to
retouch the info graphic poster that have been done previously. It took a whole lot of time
for me to redo the poster as the previous one is having a huge amount of words and this
isn’t parallel to the nature of info graphic poster which need to have more graphical image
than words.
Basically, I used up this week to prepare power point slides for the presentation
during lecturer’s visit. On Thursday, I was visited by Dr. Zamani Jusoh from IIUM to
present my internship training. The presentation was done together with three other IIUM
students; Ameer Amri bin Kamarulzaman and Fathin Nur Najati bt Abdul Halim. Later on,
I was assigned to create another dashboard for my colleague but before that, I was briefed
about the project. This time, the dashboard is not for ISMS but for another unit which is IS
Control and Assurance.
10
2.12 Week 12(24th August – 28th August)
It’s the last week for my internship training at TM, on Monday, we have a potluck
party at the office. The rest of the week was used to finish my EIT report as fulfillment
for my Industrial Training course. Besides that, I joined a few activities conducted by the
musolla such as Yasin recitation and Kuliah Zuhur. On the last day, I was given a lot of
advice and recommendations by the manager on my life journey after finishing my
degree. That marks the end of my internship for three months at Telekom Malaysia
Berhad. Let’s go back to school!
11
CHAPTER 3
WORKING EXPERIENCE
3.1 Projects Carried Out
3.1.1 ISMS
1. Scope
Requirement to establish, implement and maintain information security
management system within the organization.
Example; in TM there are TMNOC, or Server Room
2. Normative Reference
ISO/IEC 27000
3. Terms and Definitions
4. Context of Organization
Understanding organization and its context
Organization shall determine the issues that are relevant and affect
its ability to achieve the outcome of ISMS.
Understanding needs and expectations of interested parties
Organization shall determine the interested party and its requirement
relevant to ISMS.
Information Security Management System
Organization shall establish, implement, and continually improve
ISMS accordance to its standard.
5. Leadership
Leadership and Commitment; Top management should
Ensure the security policy are established and compatible with the
organization.
Ensure the integration of ISMS requirement in organization process.
12
Ensure the resources needed for ISMS are available.
Ensure ISMS achieves its intended outcome
Promoting continual improvement of ISMS
Directing and supporting people to contribute to the effectiveness of
ISMS
Support other managerial roles
Policy
Should be appropriate with the purpose of the organization
Include information security objectives
Include commitment to satisfy applicable requirement
Include commitment for continual improvement of ISMS
The Information Security Policy (ISP) shall:
Available as documented information
Be communicated within the organization
Available to interested parties
6. Planning
Organization shall:
Ensure ISMS can achieve its intended outcome
Evaluate the effectiveness of action
Plan action to address the risk
Achieve continual improvement
Prevent, reduce undesired effect
In Information Security Risk Assessment, Organization shall define and
apply risk assessment by:
Identify the information security risk
Analyze the information security risk; its consequences and level
Evaluates the information risk by prioritizing for risk treatment
Ensure repeated risk assessment produce consistent, valid and
comparable result
Establish and maintains information security risk criteria
In Information Security Risk Treatment, an organization shall:
13
Select appropriate risk treatment options using assessment result
Determine control that are necessary to implement treatment chosen
Produce statement of applicability that contains necessary control
Formulate risk treatment plan
Obtain risk owner’s approval and acceptance
14
Contribution
Implication of not conforming with ISMS
Communication
Documented information
Organization should include documented information of ISMS
related policy
8. Operation
Operational Planning and Control
An organization shall:
Plan, control and implement process needed to meet
information security requirement
Keep documented information
Control planned changes and review consequences of action
Ensure process are determined and controlled
Information Security Risk Assessment
Perform assessment as planned interval
Retain documented information as results assessment
Information Security Risk Treatment
Implement the treatment plan
Retain documented information as results treatment
9. Performance Evaluation
Monitoring, Measurement, Analysis and Evaluation
Organization shall determine:
What needs to be monitored and measured
Methods for monitoring and measuring
When the monitoring should be performed
Who shall monitor and measure
When the can be analyzed
Who shall analyze the result
Internal Audit
Organization shall:
15
Plan, maintain an audit program
Define audit criteria and scope for each audit
Select auditors
Ensure results are reported to management
Retain documented information as evidence
Management Review
Review shall consider:
Status of action from previous review
Changes in issues that are relevant to ISMS
Feedback
Results of risk assessment
10. Improvement
When a nonconformity occur, an organization shall:
React, take action and deal with consequences
Evaluate need of action to eliminate cause of nonconformity
Implement any action needed
Review effectiveness of any action taken
Make changes to the ISMS
Continual improvement
ISMS should always be improved for a better future
16
3.1.2 TM Network Operation – Data Analysis Report
Data analysis is important to make sure the progress of implementation for the
ISMS is going to be on track. Thus, I was assigned to analyze the data for every section
in ISBCM. My work for this report is simple. I just need to transfer data and graph from
Microsoft Excel into a PDF Document.
17
3.1.3 Information Security Info graphic Poster
Info graphics are more eye-catching than printed words, since they usually
combine images, colors, movement, and content that naturally draw the eye.
Since most of us have increasingly shorter attention spans, we tend to “scan”
material as opposed to actually reading text. Furthermore, we tend to
remember information that we’ve seen more so than read.
18
Info graphics are extremely shareable for use around the web. For example,
an info graphic published on a Word Press blog or website usually provides
an embed code. They are also easily shared on social networks and have a
better chance of becoming viral compared to ordinary text.
Info graphics can be used to reinforce a brand, simply because they are so
visually appealing. If design of an info graphic is consistent with colors,
shapes, and messages, along with an organization logo, it will have an
effective means of “Brand Awareness”.
A well designed and aesthetically pleasing info graphic will drive people to
an organization site since they are more likely to “share” and “click” on it.
Also, this can help with Google’s “Page Rank” algorithm, which is
important for SEO.
Finally, info graphics are a fun and engaging medium that can generate a
unique connection with visitors to either company’s site or a location that
has featured the info graphic.
I was assigned to create an info graphic poster entitling ‘safer internet shopping’.
Firstly, I searched for more information on the topic from the internet and then I tries to
convey the messages into a poster in terms of drawing and design. From the project, I have
obtained a lot of new skills in Adobe Photoshop. Examples are marque tool, quick selection
tool, and editing tool. The final design of the poster is shown below.
19
20
21
3.1.4 NOC BCM & IS Awareness Seminar
During the 1st month of my internship, as I struggled to understand the basic concept
and the functionality of ISBCM unit in the company, I was required to attend a seminar
which was held at the Telekom Malaysia Convention Centre in Kuala Lumpur. I have
gathered a lot of knowledge during the Seminar. The summary are written below.
Basically, there are 4 unit under Information Security and Business Continuity
Management (ISBCM) Section.
22
Threat – something that can potentially damage network and organization.
Vulnerability – weakness in the organization that can be exploit by a threat.
Risk – threat + vulnerability
Plan, Check Do and Act (PDCA) method is used against threat.
The PDCA process:
Establish the ISMS
o Define ISMS Context and Requirement
o Organization Chart and Business Functions
o IS & Business Objectives
o Interested Parties
o Interface & Dependencies
o Internal & External Issues
Implement and Operate the ISMS
o Consolidate assets registered
o Conduct risk assessment
o Implement risk treatment plan
o Training & awareness programs
o Implement procedure & controls
Maintain and Improve the ISMS
o Identify actions towards
o Non-compliance and improvement
o Receive approval and acknowledgement from management
o Provide feedback to Internal & External Auditors
Monitor and Review the ISMS
o Monitor & review ISMMM
o Conduct Compliance Checking
o Facilitate internal & external audit
o Conduct Management review for management feedback
Example of security measures – 10 minutes screen lock for laptop.
2. Information Security; Compliance and Governance Unit (ISCG)
ISMS vs. QMS – security oriented vs. quality oriented.
23
Information Security Management System (ISMS) – apply risk
management process to ensure risk are adequately managed.
There are 14 domain and 10 clause in ISMS.
Information Security Policy
Organization of Information Security
Human Resource Security
Asset Management
Access Control
Cryptography
Physical and Environmental Security
Operations Security
Communications Security
System Acquisition, Development and Maintenance
Supplier Relationship
Information Security Incident Management
Information Security Aspect of Business Continuity Management
Compliance
Example of control in the ISMS domain; 4 classification of Information
Public
Internal Use
Confidential
Secret
3. Business Continuity Management; Risk Management and Business Impact
Analysis (RMBIA)
BCM ensures that TM businesses continue to function with little or no
interruption of operations and services in the event of any disruptions due
to natural disaster or manmade disaster.
To minimize service disruptions and increases the ability of TM to reliably
meet the needs of our customers and stakeholders, resulting in a reputation
24
as a reliable provider of telecommunication services, and, possibly, in
improved profitability and increased market share.
Business Impact Analysis (BIA) – process of analyzing business functions
and the effect that business disruption might have upon them.
Risk Analysis – assessment process that identify, analyze, and evaluate the
risk if incidence to occur to the organization.
Generic BIA process
Identify business unit
Identify critical function
Data collection
Data analysis
Report
25
Business Continuity ensures that businesses continue to function with little or
no interruption of operations and services in the event of any disruptions
including, but not limited to, power outages, telecommunications failures,
terrorist attacks, fires, natural disasters, and sabotage.
The basic concept of business continuity and disaster recovery is simple:
minimize service disruptions and the resulting financial losses.
This increases the ability of organizations to reliably meet the needs of their
customers and stakeholders, resulting in a reputation as a reliable provider of
goods and services, and, possibly, in improved profitability and increased
market share.
To achieve these objectives, organizations must implement Business Continuity
Management. BCM is a process driven method to safeguard organizations’
reputation, profitability, and, should there be a major catastrophe, survival.
These are BIA clusters:
Data
Center
Metro Hill
Exchange Station
7 Clusters
of BIA
Submarine Suburban
/ Satellite Exchange
Station
Rural Island
Exchange Station
26
assessment and treatment and the implementation of information security – its purpose is
to define which of the suggested 114 controls (security measures) from ISO 27001 Annex
A will apply, and for those that are applicable the way they will be implemented. As Annex
A is considered to be comprehensive, but not exhaustive for all situations, nothing prevents
the organization from also considering another source for the controls. There are six levels
in which every controls are analyzed. The levels are:
First of all, during risk treatment, the controls that are necessary is identified
because the identified risks need to be decreased; however, in SoA the controls that
are required because of other reasons are also identified – i.e. because of the law,
contractual requirements, because of other processes, etc.
27
Third, the Risk Assessment Report could be quite lengthy – some organizations
might identify a few thousand risks (sometimes even more), so such a document is
not really useful for everyday operational use; on the other hand, the Statement of
Applicability is rather short – it has a row for each control (114 from Annex A, plus
the added ones), which makes it possible to present it to management and to keep
it up-to-date.
Fourth, and most important, SoA must document whether each applicable control
is already implemented or not. Good practice (and most auditors will be looking for
this) is also to describe how each applicable control is implemented – e.g. either by
making a reference to a document (policy/procedure/working instruction etc.), or
by shortly describing the procedure in use, or equipment that is used.
28
Figure 31 GUI for the SoA Application
29
Figure 33 Radar Chart as a Result of the Calculation of Gap Analysis
For the calculation part, I set marks to each of the level by increment of 1 starting from 0
for ‘non-existent’. But, there is no mark allocated if the selection of level ‘out of scope’ is
made. Instead, the control will be ousted from the calculation permanently. The following
code shows the calculation of the gap analysis for the first domain.
If cb1.SelectedIndex = 0 Then
valued1 = 0
ElseIf cb1.SelectedIndex = 1 Then
valued1 = 1
ElseIf cb1.SelectedIndex = 2 Then
valued1 = 2
ElseIf cb1.SelectedIndex = 3 Then
valued1 = 3
ElseIf cb1.SelectedIndex = 4 Then
valued1 = 4
ElseIf cb1.SelectedIndex = 5 Then
valued1 = 5
Else
d1 = d1 - 1
valued1 = 0
End If
markd1 = markd1 + valued1 'combobox1
'combobox2
If cb2.SelectedIndex = 0 Then
valued1 = 0
ElseIf cb2.SelectedIndex = 1 Then
valued1 = 1
ElseIf cb2.SelectedIndex = 2 Then
valued1 = 2
ElseIf cb2.SelectedIndex = 3 Then
valued1 = 3
ElseIf cb2.SelectedIndex = 4 Then
valued1 = 4
ElseIf cb2.SelectedIndex = 5 Then
30
valued1 = 5
Else
d1 = d1 - 1
valued1 = 0
End If
markd1 = markd1 + valued1 'combobox1+combobox2
finald1 = markd1 / d1
As stated above, there are a total of 14 domain to be calculated in the gap analysis. Thus,
‘finald1’ is the value for the first domain which is Information Security Policy. From the
chart in figure 5, the value for ‘finald1’ is 5 which means that either all the controls in the
domain is optimized or one of them are out of scope since there are only two controls in
the domain.
The goal of the change management process is to ensure that standardized methods
and procedures are used for efficient and prompt handling of all changes, in order to
minimize the impact of change-related incidents upon service quality, and consequently
improve the day-to-day operations of the organization.
31
Figure 34 TM CMS
3.1.7 TM Dashboard
32
was running above normal. Dashboards typically are limited to show summaries, key
trends, comparisons, and exceptions. There are four Key elements to a good dashboard:
Mainly, the dashboard here is created to show the progress of the ISMS policy, whether it
is still in any of these 5 process;
Review
Amendment
Verification
Endorsement
Awareness
At the end of the day, this dashboard is going to help the executives in their presentation
of work in front of the VP and even can be used during audit period.
33
Figure 37 Input is added using Control
34
Figure 39 Created Report
This project was done in conjunction with the previous TM Dashboard. Basically,
the mechanisms is the same but a few changes has been done to make it more detailed. For
this dashboard, the objectives is to show the readiness of ISMS policy to be implemented
in 6 different scope. They are:
VP Office
Access Network Management
Data Network Management
Internet Service Provider Network Management
Transmission and International Network Management
Voice Network Management
35
Figure 40 GUI for ISMS Dashboard Creator
36
Figure 42 Details of Dashboard
37
3.1.9 Request For Change Dashboard
RFC or Request for Change is a functionality in the Change Management System.
It stores any request requested by the user and analyzed.
38
Figure 45 Dashboard of detailed RFC for every NM
39
Figure 47 Dashboard for Overall OLA
40
3.2 Problem Encountered and Problem Solving Process
To create the TM Gap Analysis and TM Dashboard applications, I have make use
of Access database to store the data required. This is new to me as I have never done any
connection between VB to Access before. To make up for it, I have used the internet to
learn more on the steps and procedure for the works. There are a lot of YouTube tutorial
videos that can be watched to understand more on the programming.
Due to horrible design, I have been asked to improve my info graphic poster for at
least three times. As a result, I have done three different version of the info graphic poster,
which may look unprofessional at start but keep improving on the next version. This
problem of lack of creativity was encountered by more training and following few
examples of info graphic taken from the internet.
41
CHAPTER 4
CONCLUSION
I have completed three months of internship successfully at Telekom Malaysia
Berhad. During the period, the objectives of EIT were achieved. The objectives are to
expose students with the working environment, to enhance and supplement the knowledge
and skills of students, to develop students in term of ability, competence and interpersonal
relationship, to expose and familiarize the students to rules and regulations including safety
in industrial environment, and to develop the spirit of team working among students and
other working group members. I also learn from the company that ethics is more important
than skills. I am grateful to learn something very valuable from this company since there
is not many company which upholds ethics more than skills.
Even though I encountered few problems during this training period, I am still glad
that I have managed to learn a lot of new knowledge and gain more experience. Thus, I
gladly finished my internship in this company, which I hope will pave my road in becoming
a great engineer for this country and ummah.
Praise be to Allah for all the things that He have done in order for me to complete
this engineering industrial training session without any big obstacle.
42
CHAPTER 5
REFERENCES
http://www.ukessays.com/essays/communications/telekom-malaysa.php
https://en.wikipedia.org/wiki/Information_security_management_system
http://www.searchenginejournal.com/6-benefits-using-infographics/70917/
http://advisera.com/27001academy/knowledgebase/the-importance-of-statement-
of-applicability-for-iso-27001/
https://en.wikipedia.org/wiki/Gap_analysis
https://en.wikipedia.org/wiki/Change_management_(ITSM)
https://en.wikipedia.org/wiki/Dashboard_(business)
43
APENDICES
44