INFORMATION SECURITY STANDARDS DEVELOPMENT IN MALAYSIA


By THAIB MUSTAFA, CHAIRMAN
TECHNICAL COMMITTEE FOR INFORMATION SECURITY (TC/G/5)
INDUSTRY STANDARDS COMMITTEE FOR INFORMATION TECHNOLOGY, COMMUNICATION AND MULTIMEDIA (ISC G)
23RD MAY 2012

Presentation Agenda
1. INTRODUCTION
2. ACTIVITIES
3. ACHIEVEMENTS
4. CHALLENGES
5. MOVING FORWARD
6. CONCLUSION
TC5 Information Security 2012 All Rights Reserved

INTRODUCTION: Technical Committee for Information Security (TC/G/5)
Non-profit, appointed group of volunteer members:
  Information security professionals
  Risk and compliance professionals
  Auditors and assurance professionals
  Governance and management professionals
Lead Agency: Standards Malaysia, MOSTI
Support Agency: SIRIM, MOSTI
Representative Organizations: ICT, security, banking/financial services, government, public/private sectors, regulatory, technology, utilities, consulting, universities, etc.
Mission: Trusted to develop, prepare and review Information Security and its related standards for Malaysia

BACKGROUND
In 1966, Institutes of Standards Malaysia (ISM) was established in Malaysia and later Standards Malaysia
In 1969, Malaysia became a member of ISO
In 1975, SIRIM was established
In 1996, SIRIM was appointed as National Standard Development Agency in Malaysia
SIRIM established Industry Standards Committees (ISC) to undertake standards development activities
In 2001, the Industry Standards Committee (ISC) responsible for IT, Telecommunications and Multimedia (ISC G) established TC/G/5, the Technical Committee responsible for Information Security

Standards Malaysia, SIRIM, ISC G, TC/G/5 and ISO/IEC, JTC, SC27
[Organisation chart: Industry Standard Committee for Information Technology, Communication & Multimedia (ISC G); Technical Committee on Information Security (TC/G/5) with WG1, WG2, WG3, WG4, WG5, WG7; ISO/IEC JTC 1/SC 27 Security Techniques with WG1, WG2, WG3, WG4, WG5]

MEMBERS OF Technical Committee on Information Security (TC/G/5)
Mr Zainal Abidin Ma'arif / Ms Nor Asma Ghazali Bank Negara Malaysia CHAIRMAN Telekom Malaysia Berhad Mr Thaib Mustafa Dr Dzaharudin Mansor Association of the Computer and Multimedia Industry of Malaysia Dr Solahuddin Shamsuddin CyberSecurity Malaysia Ms Julaila Engan Chief Government Security Office Mr Muhammad bin Ali Malaysian Administrative, Modernisation and Management Planning Unit (MAMPU) Ms Foo Mei Ling Malaysian National Computer Confederation Malaysian Communications and Multimedia Commission Ms Roshda Md Yunan Ministry of Information, Communication and Culture Mr Ruzamri Ruwandi Ms Ong Ai Lin Mr Tan Chuan On / Mr Gan Kim Sai Ministry of Science, Technology and Innovation PricewaterhouseCoopers Advisory Services Sdn Bhd Mr Tan Tze Meng Multimedia Development Corporation Sdn Bhd Mr Mohd Zahari Zakaria Teknimuda Sdn Bhd Ms Haliza Ibrahim SIRIM QAS International Sdn Bhd Mr Mohd Mohd Ismail Ahmad Tenaga Nasional Berhad

List of Working Groups (WG) under Information Security
[Organisation chart]
TC/G/5 Technical Committee on Information Security
  SCOPE: Standardisation in Information Security; Participation (P) Member to ISO/IEC JTC1/SC27
WG/G/5-1 Working Group on Information Security Management Systems
  SCOPE: Standardisation on Information Security Management System
WG/G/5-2 Working Group on Cryptography & Security Mechanisms
  SCOPE: Standardisation on Cryptography & Security Mechanisms
WG/G/5-3 Working Group on Information Security Evaluation Criteria
  SCOPE: Standardisation on Security Evaluation Criteria
WG/G/5-4 Working Group on Security Control & Services
  SCOPE: Standardisation on BCM Framework for all sectors & supplementary BCM Framework for specific sectors
WG/G/5-5 Working Group on Identity Management & Privacy Technologies
  SCOPE: Standardisation on Management & Privacy Technologies
WG/G/5-7 Working Group on Industry Automation & Control Systems
  SCOPE: Standardisation of the information or cyber security aspects of Supervisory Control and Data Acquisition (SCADA) systems
Names appearing on the chart: Ms Raja Azrina Raja Othman (JARING Communications Sdn Bhd); Dr Jamalul-lail Ab Manan (MIMOS Berhad); Mr Thaib Mustafa (TELEKOM Malaysia); Mr Wan Roshaimi Wan Abdullah (Stratsec.net Sdn Bhd); Lt Col Asmuni Yusof (CyberSecurity Malaysia); Mr Ng Kang Siong (MIMOS Berhad); Mr Badlissah Adnan (PETRONAS)

Accountabilities & Responsibilities: Technical Committee on Information Security (TC/G/5)
1. Responsible for developing, preparing and reviewing Malaysian Standards.
2. Approval to release draft Malaysian Standards within its purview for the purposes of soliciting public comments.
3. Responsible for reviewing comments and making the necessary revisions to draft Malaysian Standards in light of comments received.
4. Submit draft standards developed under its direction to the ISC for approval as final draft Malaysian Standards.
5. Responsible for supporting the work of its parent ISC in international standardisation by:
   a) studying and assessing the relevant international standards and formulating national views and comments on issues related to the scope of the TC/SC;
   b) studying and commenting and/or voting on draft international standards in related areas; and
   c) recommending the adoption of International Standards as Malaysian Standards where appropriate.
6. Support the ISC in co-ordinating participation in international/regional standardisation.
7. Establish Working Groups (WG) in accordance with the Terms of Reference of WG for the purpose of undertaking specific tasks.

ISO/IEC Information Security Management System
Specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS)
Conformance to this standard means an organization has a management system that ensures the confidentiality, integrity and accessibility of its information
Information generated, received, retained or transmitted manually or electronically is controlled and managed based on the level of risk to the information
An ISMS is an assurance to customers and stakeholders that their information is protected and secured from damage, loss and misuse

ACTIVITIES TC/G/5
Identify standards that meet national objectives and industry needs
Information security standard preparation, development and review
Endorse release of draft Malaysian Standards (MS) after public comments and ensure they meet national and industry needs
Review and adopt (with certain criteria) International Standards as Malaysian Standards
Recommend approval of standards and report activities to ISC G
Develop indigenous standards if required and when no international standards are available
Support standardization activities at WG, national, regional and international levels
Review and participate in ISO/IEC JTC1/SC 27 projects and meetings
Participate in regional meetings (e.g. RAISE) and provide liaison with other TCs

ACTIVITIES - WGs
Working Groups in TC 5 mirroring JTC 1 SC 27 WG
  WG 1 - Information Security Management Systems
  WG 2 - Cryptography and Security Mechanisms
  WG 3 - Information Security Evaluation Criteria
  WG 4 - Security Controls and Services
  WG 5 - Identity Management and Privacy Technologies
  WG 7 - Industry Automation and Control Systems
Meeting regularly to review standardization projects and related documentation specific projects specified by TC/G/5
Develop indigenous standardization projects as approved by TC/G/5
Participate in meetings, talks, workshops and seminars at national, regional and international level
Perform liaison with other related standards committees (e.g. biometrics and telecommunications) as required by TC/G/5

ACHIEVEMENTS 1/2
More than 30 Standards approved and published
  Information Security Management Systems Requirements (MS ISO/IEC 27001:2006)
  Code of practice for Information Security Management (MS ISO/IEC 27002:2005)
  Methodology for IT Security Evaluation (MS ISO/IEC 18045:2005)
  Evaluation criteria for IT security - Part 3: Security assurance requirements (First revision) (MS ISO/IEC :2005)
  ISMS Implementation Guidance (27003)
  Information Security Risk Management (27005)
  Information Security Management Guidelines for Telecommunication Organizations (27011)
To date 22 SC27 approved new publications from 2011

ACHIEVEMENTS 2/2
Editorship for WG4 Guidelines on Identification, Collection, Acquisition and Preservation of Digital Evidence is currently being approved for publication in Dec 2012 (ISO/IEC 27037)
In Nov 2005, hosted ISO/IEC JTC 1 SC 27 WGs Meeting in KL
In Apr 2010, hosted ISO/IEC JTC 1 SC 27 WGs & HoD Meeting in Melaka
Participated in international ISO/IEC and regional standards development meetings
Organized/participated in Information Security Workshops and Seminars promoting awareness, gathering comments and public reviews

Programme of Works - WG1
NEW PUBLICATIONS (WG 1)
ISO/IEC 27005: (2nd ed.), Information security risk management
ISO/IEC 27006: (2nd ed.), Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27007: (1st ed.), Guidelines for information security management systems guidelines auditing
ISO/IEC TR 27008: (1st ed.), Guidelines for auditors on information security controls
ISO/IEC 27010: (1st ed.), Information security management for inter-sector and inter-organisational communications

Programme of Works - WG2
NEW PUBLICATIONS (WG 2)
ISO/IEC : (2nd ed.), Message Authentication Codes (MACs) Part 2: Mechanisms using a dedicated hash-function
ISO/IEC : (1st ed.), Message authentication codes (MACs) Part 3: Mechanisms using a universal hash-function
ISO/IEC : (1st ed.), Key management Part 5: Group key management
ISO/IEC 18031: (2nd ed.), Random bit generation
ISO/IEC : (2nd ed.), Encryption algorithms Part 4: Stream ciphers
ISO/IEC 29150: (1st ed.), Signcryption
ISO/IEC : (1st ed.), Lightweight cryptography Part 2: Block ciphers

Programme of Works - WG3
NEW PUBLICATIONS (WG 3)
ISO/IEC : (3rd ed.) corrected and reprinted Evaluation criteria for IT security Part 2: Security functional components
ISO/IEC : (3rd ed.) corrected and reprinted Evaluation criteria for IT security Part 3: Security assurance components
ISO/IEC 18045: (2nd ed.) corrected and reprinted Methodology for IT security evaluation
ISO/IEC 29128: (1st ed.) Verification of cryptographic protocols

Programme of Works - WG4&5
NEW PUBLICATIONS (WG 4)
ISO/IEC : (1st ed.), Application security - Part 1: Overview and concepts
ISO/IEC 27035: (1st ed.), Information security incident management
ISO/IEC TR 29149: (1st ed.), Best practices for the provision and use of time-stamping services
NEW PUBLICATIONS (WG 5)
ISO/IEC 24745: (1st ed.), Biometric information protection
ISO/IEC : (1st ed.), A framework for identity management Part 1: Terminology and concepts
ISO/IEC 29100: (1st ed.) Privacy framework

CHALLENGES
Inconsistent projects/activities participation (assignment on volunteer basis with almost regular changes to memberships)
Shortage of subject matter experts from relevant industries and academia to contribute in WGs (WG 2, WG 3, WG 5 and WG 7)
Lack of commitment from industries, government departments/agencies, GLCs to provide resources and budget for standard development activities
Very limited funding available to sponsor editorships & secretariat participations at regional and international level
Lack of recognition and incentives for standards development works

To achieve the aspiration of IS standard development transformation, we need to understand the current issues and challenges and introduce standards as creative business solutions
[Diagram with four numbered elements]
1 Industry Experience: Understanding the issues and the business needs
2 Deliver Value: Provide business values and clear benefits
3 Market Reach: Reach out, establish the network and support the market
4 Business Demand: Creating business drivers and industry eco systems

MOVING FORWARD: Information Security Standard Development Master Plan
Discovery: Establish the Baseline
2013
Transformation: Capability Building
Recognition: ISMS as a Service
Strategies
Key Programs (Industry Survey, roadshows, etc)
3-5 years transformation roadmap
Critical milestone
Challenges
KPIs

CONCLUSION
1. Information Security is a Business Issue
2. Information Security Management is part of Corporate Governance
3. ISMS is a mandatory baseline standard for Information Security Management for any organization
4. Compliance, Compliance & Compliance
5. Certify as security professionals
6. Certify all critical infrastructure
7. Join us at TC5 and participate as WG members

THANK YOU
For further information, please contact:
TC/G/5 Secretariat
Wan Rosmawarni Wan Sulaiman


More information

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document

More information

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything

More information

kamai Technologies Inc. Commonly Accepted Security Practices and Recommendations (CASPR)

kamai Technologies Inc. Commonly Accepted Security Practices and Recommendations (CASPR) kamai Technologies Inc. Commonly Accepted Security Practices and Recommendations (CASPR) June 2015 Table of Contents CASPR... 2 FIPS 140-2: Security Requirements For Cryptographic Modules... 2 Federal

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest

More information

TS/P 247: Proposal to transform ISO/PC 251 Asset management into a TC

TS/P 247: Proposal to transform ISO/PC 251 Asset management into a TC ISO/TMB/TS/P 247 2014-10-30 TS/P 247: Proposal to transform ISO/PC 251 Asset management into a TC Dear ISO Members, Please find attached a proposal for a new field of technical activity on Asset management,

More information

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing Faculty of Engineering and Informatics Programme Specification Programme title: MSc Cyber Security Academic Year: 2015/16 Degree Awarding Body: Partner(s), delivery organisation or support provider (if

More information

Security Transcends Technology

Security Transcends Technology INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com

More information

The Information Security Management System According ISO 27.001 The Value for Services

The Information Security Management System According ISO 27.001 The Value for Services I T S e r v i c e M a n a g e m e n t W h i t e P a p e r The Information Security Management System According ISO 27.001 The Value for Services Author: Julio José Ballesteros Garcia Introduction Evolution

More information

IPv6 in Malaysia. Gopinath Rao Sinniah Senior Staff Researcher, MIMOS Berhad Chairman of MTSFB IPv6 WG. 18 th October 2012 Australian 2012 IPv6 Summit

IPv6 in Malaysia. Gopinath Rao Sinniah Senior Staff Researcher, MIMOS Berhad Chairman of MTSFB IPv6 WG. 18 th October 2012 Australian 2012 IPv6 Summit IPv6 in Malaysia Gopinath Rao Sinniah Senior Staff Researcher, MIMOS Berhad Chairman of MTSFB IPv6 WG 18 th October 2012 Australian 2012 IPv6 Summit Outline Brief description of MTSFB and MIMOS Berhad

More information

IRE-TEX CORPORATION BERHAD (Company No: A)

IRE-TEX CORPORATION BERHAD (Company No: A) IRE-TEX CORPORATION BERHAD (Company No: 576121-A) BOARD CHARTER 1. OVERVIEW The Board of Directors ( Board ) of Ire-Tex Corporation Berhad ( the Company ) is committed towards ensuring good corporate governance

More information

Information Security Specialist Training on the Basis of ISO/IEC 27002

Information Security Specialist Training on the Basis of ISO/IEC 27002 Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu

More information

The Adoption of Management Systems Standards & Best Practices in Malaysia (Current and Future Trend)

The Adoption of Management Systems Standards & Best Practices in Malaysia (Current and Future Trend) Nang Yan Business Journal 1.1 2012 Paper #: 2-05 P- 105 The Adoption of Management Systems Standards & Best Practices in Malaysia (Current and Future Trend) Dr. Mohd Azman Idris SGM, SIRIM Training Services,

More information

IT Governance, Assurance and Security Conference

IT Governance, Assurance and Security Conference ISACA Malaysia & MNCC Proudly Presents the11 th Annual IT Governance, Assurance and Security Conference 10 & 11 July 2012 Organised By : Supported By : Register Early to Avoid Disappointment Venue - One

More information

INTERNATIONAL TELECOMMUNICATION UNION

INTERNATIONAL TELECOMMUNICATION UNION INTERNATIONAL TELECOMMUNICATION UNION TELECOMMUNICATION STANDARDIZATION SECTOR STUDY PERIOD 2009-2012 English only Original: English Question(s): 4/17 Geneva, 11-20 February 2009 Ref. : TD 0244 Rev.2 Source:

More information

IAF Informative Document. Transition Planning Guidance for ISO 9001:2015. Issue 1 (IAF ID 9:2015)

IAF Informative Document. Transition Planning Guidance for ISO 9001:2015. Issue 1 (IAF ID 9:2015) IAF Informative Document Transition Planning Guidance for ISO 9001:2015 Issue 1 (IAF ID 9:2015) Issue 1 Transition Planning Guidance for ISO 9001:2015 Page 2 of 10 The (IAF) facilitates trade and supports

More information

Latest in Cloud Computing Standards. Eric A. Hibbard, CISSP, ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems

Latest in Cloud Computing Standards. Eric A. Hibbard, CISSP, ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems Latest in Cloud Computing Standards Eric A. Hibbard, CISSP, ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems 1 Short Introduction CTO Security & Privacy, Hitachi Data Systems Involved

More information

Nurturing Malaysia s next gen cybersecurity professionals

Nurturing Malaysia s next gen cybersecurity professionals Tuesday, 24 November 2015 MYT 7:37 PM Nurturing Malaysia s next gen cybersecurity professionals BY DR AMIRUDIN ABDUL WAHAB The rise of cybersecurity: With the increase in cyber threats, the term cybersecurity

More information

C015 Certification Report

C015 Certification Report C015 Certification Report NexCode National Security Suite Release 3 File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please

More information

ISO 27001:2005 & ISO 9001:2008

ISO 27001:2005 & ISO 9001:2008 ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the

More information

Best Practices for Secure, Privacy, Preserving Mobile Networks: A NIST Perspective

Best Practices for Secure, Privacy, Preserving Mobile Networks: A NIST Perspective Best Practices for Secure, Privacy, Preserving Mobile Networks: A NIST Perspective Donna F. Dodson Chief Cybersecurity Advisor National Institute of Standards and Technology donna.dodson@nist.gov A Little

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

Profiles of the retiring Directors proposed for re-election

Profiles of the retiring Directors proposed for re-election Profiles of the retiring Directors proposed for re-election Name Last name Dato Robert Cheim Dau Meng Proposed Position Director Age 61 years Nationality Malaysian Appointed on 5 November 2008 Years in

More information

Preparing yourself for ISO/IEC 27001 2013

Preparing yourself for ISO/IEC 27001 2013 Preparing yourself for ISO/IEC 27001 2013 2013 a Vintage Year for Security Prof. Edward (Ted) Humphreys (edwardj7@msn.com) [Chair of the ISO/IEC and UK BSI Group responsible for the family of ISMS standards,

More information

Combining Security Risk Assessment and Security Testing based on Standards

Combining Security Risk Assessment and Security Testing based on Standards Jürgen Großmann (FhG Fokus) Fredrik Seehusen (SINTEF ICT) Combining Security Risk Assessment and Security Testing based on Standards 3 rd RISK Workshop at OMG TC in Berlin, 2015-06-16 3 rd RISK Workshop

More information

DEPARTMENT OF STANDARDS MALAYSIA

DEPARTMENT OF STANDARDS MALAYSIA MALAYSIAN STANDARD MS 830:2013 Storage, handling and transportation of liquefied petroleum gases (LPG) - Code of practice (Third revision) ICS: 75.200 Descriptors: liquefied petroleum gas, storage, handling,

More information

Relationship to Software Engineering Standards

Relationship to Software Engineering Standards Chapter3 Relationship to Software Engineering Standards STANDARDS ORGANIZATIONS Standards organizations are bodies, organizations, and institutions that produce standards. These organizations develop standards

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 8 April 2015 cyberframework@nist.gov Agenda Mission of NIST Cybersecurity at NIST Cybersecurity Framework

More information

THE NATIONAL GREEN TECHNOLOGY THE NATIONAL GREEN TECHNOLOGY POLICY POLICY

THE NATIONAL GREEN TECHNOLOGY THE NATIONAL GREEN TECHNOLOGY POLICY POLICY THE NATIONAL GREEN TECHNOLOGY POLICY CONTENT BACKGROUND THE NATIONAL GREEN TECHNOLOGY POLICY PROGRAMMES/ ACTIVITIES FOR 2010 1 ESTABLISHMENT OF MINISTRY OF ENERGY, GREEN TECHNOLOGY AND WATER (KeTTHA) APRIL

More information

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9

More information

Amit Garg BERKELEY RESEARCH GROUP, LLC 1800 M Street, N.W. 2 nd Floor Washington, D.C. 20036. Direct: 202.747.3483 agarg@thinkbrg.

Amit Garg BERKELEY RESEARCH GROUP, LLC 1800 M Street, N.W. 2 nd Floor Washington, D.C. 20036. Direct: 202.747.3483 agarg@thinkbrg. Curriculum Vitae Amit Garg BERKELEY RESEARCH GROUP, LLC 1800 M Street, N.W. 2 nd Floor Washington, D.C. 20036 Direct: 202.747.3483 agarg@thinkbrg.com SUMMARY Amit Garg brings over 17 years of information

More information

ESCoRTS A European network for the Security of Control & Real Time Systems

ESCoRTS A European network for the Security of Control & Real Time Systems ESCoRTS A European network for the Security of Control & Real Time Systems Luc Van den Berghe CEN-CENELEC Management Centre 20/05/10 Luxembourg workshop 1 Recommendations from a CEN/BT WG161 Survey in

More information

Information Security and Internet of Things

Information Security and Internet of Things Information Security and Internet of Things 2 nd Open China ICT Thematic Workshop On Internet of Things and Future Internet Beijing, 23 August 2013 Contents The growing Internet of Things Internet of Things

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

Incident Management & Forensics Working Group. Charter

Incident Management & Forensics Working Group. Charter Incident Management & Forensics Working Group Charter February 2013 2013 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print,

More information

CASPR Commonly Accepted Security Practices and Recommendations

CASPR Commonly Accepted Security Practices and Recommendations hhhhhhhhhhhhhh CASPR Commonly Accepted Security Practices and Recommendations CASPR is an open-source project aimed at documenting the information security common body of knowledge through commonly accepted

More information

Security Control Standard

Security Control Standard Security Standard The security and risk management baseline for the lottery sector worldwide Updated by the WLA Security and Risk Management Committee V1.0, November 2006 The WLA Security Standard is the

More information

Training Catalogue 2015-16

Training Catalogue 2015-16 Training Catalogue 2015-16 Table of Content Page Company Profile Training Overview.. Training Catalogue... GRC Fundamentals, Strategy & Implementation Workshop Anti Bribery Management System Implementation

More information

SHARIAH ADVISORY COUNCIL OF THE IFI IN MALAYSIA. Faculty of Syariah and Law Islamic Science University of Malaysia 22 nd March 2007 CONTENTS

SHARIAH ADVISORY COUNCIL OF THE IFI IN MALAYSIA. Faculty of Syariah and Law Islamic Science University of Malaysia 22 nd March 2007 CONTENTS SHARIAH ADVISORY COUNCIL OF THE IFI IN MALAYSIA Faculty of Syariah and Law Islamic Science University of Malaysia 22 nd March 2007 CONTENTS Introduction Definition The Differences between the SAC and Fatwa

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme Activities and Updates. Copyright 2010 CyberSecurity Malaysia

Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme Activities and Updates. Copyright 2010 CyberSecurity Malaysia Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme Activities and Updates Copyright 2010 CyberSecurity Malaysia Agenda 1. Understand Why we need product evaluation and certification ICT

More information

Guideline to Determine Information Security Professionals Requirements for the CNII Agencies / Organisations

Guideline to Determine Information Security Professionals Requirements for the CNII Agencies / Organisations Date: 27/05/2013 Guideline to Determine Information Security Professionals Requirements for the CNII Agencies / Organisations 1 Contact Information For further clarification, please contact CyberSecurity

More information

Information & ICT Security Policy Framework

Information & ICT Security Policy Framework Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January

More information