Malaysia's Approach to Network Security




Malaysia's Approach to Network Security (slide 1)

Bistamam Siru Abdul Rahman, General Manager, Industry Development Division, Malaysian Communications and Multimedia Commission

Background (slide 2)

MCMC is a statutory body established under the Malaysian Communications and Multimedia Commission Act 1998 to regulate and nurture the communications and multimedia industry in Malaysia in accordance with the national policy objectives set out in the Communications and Multimedia Act 1998 (CMA). The MCMC is also charged with overseeing the new regulatory framework for the converging industries of telecommunications, broadcast and online activities. The 10th National Policy Objective, as stated in the CMA, requires the Commission to ensure information security and the integrity and reliability of the network for the country.

Laws and Policies (slide 3)

S. 3(2)(j) CMA: to ensure information security and network reliability and integrity. Under the CMA, the Commission is entrusted to ensure information security and the reliability and integrity of the network.

Communications and Multimedia Act 1998 (CMA)
Computer Crimes Act 1997
Digital Signature Act 1998

Legal issues relating to network security are addressed in the Communications and Multimedia Act and the Computer Crimes Act 1998. For example, fraudulent use of the network, improper use of network facilities/services and interception of communications are addressed in the CMA. Under the Computer Crimes Act, acts such as unauthorized access to computer material, unauthorized access with intent to commit or facilitate the commission of a further offence, unauthorized modification of the contents of any computer and wrongful communication are addressed.

Present Approach (slide 4)

Public / Private

Presently, matters relating to information and network security in the public sector are under the administration of the Malaysian Administrative Modernization and Management Planning Unit (MAMPU). Within MAMPU, there is the ICT Security Division. They recently launched the Malaysian Public Sector Management of Information & Communications Technology Security Handbook (MyMIS). They also operate the G-CERT. However, MAMPU does not have any enforcement powers.

MCMC: CMA
The Police: CCA, CMA

The National IT Council gave birth to NISER to address e-security issues of the nation and to act as Malaysia's CERT. NISER, or the National ICT Security and Emergency Response Center, offers research in vulnerability detection, intrusion detection and computer forensic technology. They offer their services to private and public entities. Like MAMPU's ICT Security Division, they do not have any enforcement powers.

Cont. (slide 5; diagram labels): MCMC, Police, MECM, Information and Network Security, NISER, MAMPU, BKN, Industry, Defence

Issues (from present approach) (slide 6)

a) Coordination
b) Awareness
c) Implementation of policies
d) Information-sharing

Future Plans (slide 7)

Information Security and Critical National Infrastructure

Diagram labels: Coordination Centre, Financial Sector, Water and Sewerage, Communications and Multimedia, Energy, Military, Transportation, Government services, Health and Emergency services, Industry, Central Government

The Way Forward (slide 8)

Setting up of a centralized body that will act as a one-stop agency for all private and public bodies. Malaysia will host a workshop on Information/Network Security and the Protection of Critical National Infrastructure in June. We have invited 6 organizations from Japan, S. Korea, Australia, New Zealand, UK and Canada to KL for them to share their experiences. It is hoped that Malaysia will be able to learn as much as possible to help us in setting up our local centralized body. Apart from the local participants, Malaysia has also extended invitations to other ASEAN countries to participate, in order for ASEAN to also plan a regional centre of some sort for the benefit of ASEAN.

Diagram labels: Malaysia's centre, ASEAN Regional Centre for Information and Network Security

Pointers for Slide # 2

Briefly explains what MCMC is and its relation/relevance to Information and Network Security. MCMC is also the Regulatory Authority for all of the ISPs operating in Malaysia. Apart from regulating and nurturing the communications and multimedia industry in accordance with the CMA, the MCMC is also the Controller for the Certification Authorities under the Digital Signature Act 1998. The CMA is the only piece of regulation or law that identifies information security and the reliability and integrity of the network as a National Policy Objective. However, it does not elaborate on the process. Effectively, it is up to the organizations to fall into place.

Pointers for Slide # 3

In approaching Network Security, the participants may want to know which laws and policies in Malaysia govern network security. In Malaysia's instance, the main statutes are the CMA and the Computer Crimes Act 1997. Within the two statutes, legal issues are identified: fraudulent use of the network, improper use of network facilities/services and interception of communications are described in the CMA. In the CCA, acts such as unauthorized access, modification of contents and wrongful communication are addressed.

Pointers for Slide # 4

Presently, the approach to network security has a jurisdictional flavor to it. Security issues in the public sector are administered by MAMPU (Malaysian Administrative Modernization and Management Planning Unit). Within MAMPU is the ICT Security Division. They also operate a CERT for the Government. They also recently launched the Malaysian Public Sector Management of Information and Communications Technology Security Handbook (MyMIS). The handbook is a set of guidelines concerning compliance and adherence to best practices and measures leading to information and network security. A copy is available online at http://www.mampu.gov.my/ict/mymis/mymis.htm. All of the public sector is asked to comply with and adhere to the handbook, while the private sector is encouraged to do so. However, the ICT Security Division does not have any enforcement powers to enforce compliance.

Cont.

Whilst security issues within the public sector are administered by MAMPU, the National IT Council (NITC) was of the opinion that there was a need for a body that would be able to assist the private sector in dealing with security issues. Thus the NITC gave birth to the National ICT Security and Emergency Response Centre (NISER). NISER is also Malaysia's CERT, or MyCERT. They offer their services in respect of vulnerability detection, intrusion detection and forensic technology. Presently, they offer their services to both public and private sectors. Like MAMPU, NISER does not have any enforcement powers.

Cont.

In this instance, only MCMC and the Police have any enforcement powers in matters relating to Information and Network Security. The MCMC is the body entrusted to implement and promote the Government's national policy objectives under the CMA. It has enforcement powers in relation to offences relating to network security in the CMA. The Police have sweeping enforcement powers. They have jurisdiction over the CMA and also the CCA. All complaints relating to network security matters will be passed to the MCMC and/or the Police.

Pointers for Slide # 5

As it is, organizations in Malaysia lack a coordination process. This is a point of concern as it slows development with regard to implementation of policies, information-sharing and creating awareness. All of the organizations are loosely bound together, and this is a disadvantage when the country needs to react to certain issues.

Pointers for Slide # 6

Looking at the current situation, there are 4 main concerns that need to be tackled. There is a basic lack of coordination. This is a concern when the country is to react or put proactive measures into place. The lack of coordination results in poor sharing of information, ineffective implementation of policies and a need for an awareness program. Nevertheless, the MCMC is initiating a continuous awareness program on security for consumers. The MCMC is also undertaking a network security audit for all of the ISPs.

Future Plans: Pointers for Slide # 7

There is an urgent need for bodies, sectors and stakeholders of the country's Critical National Infrastructure to identify a centralized body which will coordinate and facilitate the issues concerning Information and Network Security, as well as the Protection of Critical Infrastructure. The relevant bodies in Malaysia met last March 8 to discuss the setting up of that centralized body. That centralized body will then function as Malaysia's national body, which will bind all of the critical sectors of Information and Network Security into a group to facilitate the coordination process and the dissemination of information, and will also serve as the nation's centre of excellence in the field of information and network security.

Pointers for Slide # 8

To jump-start the initiative to set up Malaysia's own local central body for Information and Network Security, and the Protection of Critical Infrastructure, we have initiated a workshop to which we have invited 6 organizations representing Japan, S. Korea, UK, Canada, New Zealand and Australia, which are responsible for Information and Network Security, and the Protection of Critical Infrastructure, in their own countries. The workshop will be held on 10-11 June 2002. Malaysia has also invited all ASEAN countries to participate in the workshop. During the workshop, Malaysia hopes to learn as much as possible about the workings of each centre, how they operate, the lessons learnt and their experiences in dealing with matters such as jurisdiction, coordination and so forth.

Cont.

We have also invited ASEAN members to participate. This is because, during the last ASEAN Telecommunications Minister meeting in KL in July 2001, Malaysia mooted the idea of having a regional coordination centre/body for ASEAN on Information and Network Security. This is to allow member countries of ASEAN to interact, exchange and share information, and train their members on matters relating to information and network security. Malaysia was chosen to spearhead this initiative for ASEAN, and the workshop that we will be hosting in June 2002 will be the catalyst towards a new approach on network security, for Malaysia and also for ASEAN.