Professional Documents
Culture Documents
2009 ITU Regional Cybersecurity Forum for Africa and Arab States
Tunis, Tunisia (4-5 June 2009)
Technology
Technology Growing
Growing World-wide
World-wide Cyber
Cyber Content
Content Related
Related
Related
Related Threats
Threats Threats
Threats
Cyber
Cyber Threats
Threats
Hack Threat National Security
High
Required
Knowledge
to Attack
LEVEL
Fraud
Sophistication
of Attacker’s Sedition / Defamation
Tools &
Techniques
Low
Malicious Code 1985 1990 1995 2000 2005 2010
Hate Speech
Harassment
2,500
2,123
Type of
1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009
• 75% cases - from law enforcement agencies (Police, Central Bank, Securities, etc).
• Types of cases – Financial Fraud, Sexual Assault, national threats, etc.
298
221
132
93
89*
63 69
46
INFORMATION &
COMMUNICATION GOVERNMENT FOOD &
AGRICULTURE
WATER
Securing Our Cyberspace
Copyright © 2009 CyberSecurity Malaysia Slide no: 8
The NATIONAL CYBER SECURITY POLICY
- Policy Thrusts
Reduced no. of
Expansion of International
Establishment of Reduction of & InfoSec Acceptance & Strengthen or
national CNII resilience branding on
a national info increased in incidents utilization of include infosec
certification against cyber CNII protection
security success in, the through local developed enforcement role
scheme for crime, terrorism, with improved
coordination
centre
prosecution in
cyber crime
POLICY THRUST EXPECTED OUTCOME
infosec mgmt &
improved
awareness &
info security
products
in all CNII
regulatorsI
info warfare awareness &
assurance skill level
skill level
PT 1 PT 2 PT 3 PT 4 PT 5 PT 6 PT 7 PT 8
EFFECTIVE LEGISLATIVE CYBER SECURITY CULTURE OF RESEARCH & COMPLIANCE & CYBER SECURITY INTERNATIONAL
GOVERNANCE & TECHNOLOGY SECURITY & DEVELOPMENT ENFORCEMENT EMERGENCY COOPERATION
REGULATORY FRAMEWORK CAPACITY TOWARDS SELF READINESS
FRAMEWORK BUILDING RELIANCE
PT – Policy Thrust
Securing Our Cyberspace
Copyright © 2009 CyberSecurity Malaysia Slide no: 9
The NATIONAL CYBER SECURITY POLICY
- Implementation Approaches
Approach II (0-3yrs)
National IT Council
1. Malaysian Administrative, Modernisation and
Chair : Prime Minister
Management Planning Unit
2. Attorney General’s Chambers
3. Ministry of Science, Technology and Innovation
National Cyber Security Advisory
4. Ministry of Defence
Committee 5. Ministry of Foreign Affairs
Chair : Chief Secretary 6. Ministry of Energy, Green Technology and Water
7. Ministry of Information, Communications &
Culture
National Cyber Security 8. Ministry of Finance
9. Ministry of Transport
Coordination Committee
10. Ministry of Home Affairs
Chair : Secretary General
11. National Security Council
Ministry of Science, Technology &
12. Chief Government Security Officer’s Office
Innovation
13. Central Bank of Malaysia
14. National Water Services Commission
15. Malaysian Communications & Multimedia
Commission
National Cyber Security Policy 16. Energy Commission
Working Group 17. Securities Commission
PT PT PT PT PT PT PT PT 18. CyberSecurity Malaysia
1 2 3 4 5 6 7 8
MS ISO/IEC 27001:2006
Information Security Management System (ISMS)
MS ISO/IEC 27001:2006
MS ISO/IEC 17799:2005
MISSION
“to increase Malaysia’s competitiveness in
quality assurance of information security based
on the Common Criteria (CC) standard and to
Malaysia was accepted as CCRA build consumers’ confidence towards Malaysian
Certificate Consuming
Participant on 28 March 2007 information security products”
MOSTI
Video clips
Publication Web
International
CERT
Communities
KPWKM MOE
Outreach
Awareness posters
e-security website: www.esecurity.org.my
eSecurity newsletter (published every
quarter)
CyberSAFE awareness newsletter
INFOSEC Knowledge Sharing
Radio Advertisements
NEWS LETTERS
WEBSITE
ONLINE GAMES
Collaboration with
1. International Information Systems Security Certification Consortium (ISC2)
2. MoU with Japan CERT (JPCERT)
3.MoU with Information Technology Promotion Agency, Japan
Member of
1. Asia Pacific Computer Emergency Response Team (APCERT)
2.Forum of Incident Response Security Team (FIRST)
3.Security and Prosperity Steering Group (SPSG) under APEC Telecommunication and Information Working
Group (APECTEL)
4. International Telecommunication Union (ITU)
5.ASEAN Regional Forum (ARF) in Cyber Security
6.Organization of the Islamic Conference – Computer Emergency Response Team (OIC-CERT)
Ongoing development
1.MoU with Australian CERT (AusCERT)
2.Malaysia-Australia collaboration in cyber security
13 – 15 Jan 2009
OIC-CERT 1ST Information Security Seminar 2009 with a
theme STRATEGIC PARTNERSHIP AGAINST CYBER
THREATS targeting ICT security professionals, policy makers,
industry players and from the OIC member researchers
countries.
OBJECTIVE OF OIC-CERT
• Strengthen relationship amongst CERT/CSIRT in
the OIC countries
• Information sharing
• Prevent/reduce cyber terrorism activities
• Education and Outreach ICT Security Programs
• Promote collaborative technology research,
development and innovations
• Promote Good Practices and / or recommendation
to address legal and regulatory issues
• Assist member countries to establish National
CERTs