SlideShare ist ein Scribd-Unternehmen logo

Malaysia's National Cyber Security Policy

Directorate of Information Security | Ditjen Aptika
Directorate of Information Security | Ditjen Aptika

This presentation presentated by Mohd Shamir B Hasyim, Vice President Government and Multilateral Engagement, Cyber Security Malaysia, 10th September 2013 on #IISF2013 An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection

TechnologieBusiness
1 von 47
Downloaden Sie, um offline zu lesen
Copyright © 2013 CyberSecurity Malaysia MALAYSIA’S NATIONAL CYBER SECURITY POLICY An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection 10 September 2013 Bandung, Indonesia MOHD SHAMIR B HASHIM Vice President Government and Multilateral Engagement
Copyright © 2013 CyberSecurity Malaysia §  Critical infrastructures are increasingly dependent on information and communication. §  The potential natural disasters or terrorist attacks, which threaten the critical infrastructure and critical information infrastructure as well, are dramatically increasing today. §  Risks to the CIIs include man-made attacks, natural disasters and technical failures. §  The high dependence on CNIIs, their cross-border interconnectedness and interdependencies with other infrastructures, as well as the vulnerabilities and threats they face raise the need to address their security and resilience in a systematic perspective as the frontline of defense against failures and attacks. Cyber Threats CRITICAL INFORMATION INFRASTRUCTURES POWER GENERATION SERVICES DISTRIBUTION Interdependencies The high degree of interdependency between the critical infrastructure sectors means failures in one sector can propagate into others. 2
Copyright © 2013 CyberSecurity Malaysia Cyber  Content  Related  Threats  Technology    Related  Threats     Hack Threat Fraud Denial of Service Attack Intrusion Malicious Code Harassment Threats to National Security Sedition / Defamation Online Porn Hate Speech 3 Cyber Threats CLASIFICATIONS
Copyright © 2013 CyberSecurity Malaysia 4 2005   National Cyber Security Policy formulated by MOSTI NCSP Adoption and Implementation 2006   CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 Aug 2007 2007  The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets NCSP Objectives Address The Risks To The Critical National Information Infrastructure Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks Develop And Establish A Comprehensive Program And A Series Of Frameworks Cyber Security Governance NATIONAL CYBER SECURITY POLICY 4
Copyright © 2013 CyberSecurity Malaysia VISION Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation 5 DEFENCE & SECURITY • Ministry of Defense, Military • Ministry of Home Affairs, Police TRANSPORTATION • Ministry of Transport BANKING & FINANCE • Ministry of Finance • Central Bank • Securities Commission HEALTH SERVICES • Ministry of Health EMERGENCY SERVICES Ministry of Housing & Local Municipality CRITICAL NATIONAL INFORMATION INFRASTRUCTURE Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on • National Defense & Security • National Economic Strength • National Image • Government capability to function • Public Health & Safety ENERGY • Energy Commission INFORMATION & COMMUNICATIONS • Ministry of Communications & Multimedia GOVERNMENT • Malaysia Administrative, Modernisation and Management Planning Unit FOOD & AGRICULTURE • Ministry of Agriculture WATER • National Water Service Commission National Cyber Security Policy CNII SECTORS
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 6 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 7 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia CyberSecurity Malaysia (www.cybersecurity.my) A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION (www.mosti.gov.my). Pt 1: Effective Governance CYBERSECURITY MALAYSIA Ministerial Function Act1969, Amendment 2009 Provides specialised ICT security services and continuously identifies possible areas that may be detrimental to national security Cabinet Notes 2005 Ministry of Finance and Ministry of Science, Technology & Innovation CyberSecurity Malaysia as a National Body to monitor aspects of the National e- Security VISION To be a globally recognised National Cyber Security Reference and Specialist Centre by 2020 MISSION Creating and Sustaining a Safer Cyberspace to Promote National Sustainability, Social Well-Being and Wealth Creation 8 Establishment of a national info security coordination centre
Copyright © 2013 CyberSecurity Malaysia STRATEGY ENGAGEMENT & RESEARCH INFO SECURITY PROFESSIONAL DEVELOPMENT & OUTREACH SECURITY QUALITY MANAGEMENT SERVICES CYBER SECURITY EMERGENCY SERVICES Digital Forensics Security Management & Best Practices Info Security Professional Development Outreach Strategy Engagement Research Information Security Certification Body CyberSecurity Malaysia CORE FUNCTIONS / SERVICES Security Assurance Security Incident Handling 9
Copyright © 2013 CyberSecurity Malaysia National Security Council Chair : Y.A.B. Prime Minister Secretariat: NSC E-Sovereignty Working Group Chair : Under Secretary of NSC National Cyber Security Coordination Committee Chair : NSC Secretariat : NSC Government Communication Strategy Enhancement Committee Chair : PMO Secreatriat : BHEUU National Cyber Crisis Coordination Committee Chair : PMO Secretariat : NSC Cyber Law Committee Chair : AGC Secretariat : AGC National Acculturation & Capacity Building Committee Chair : MOSTI Secretariat : MOSTI MICC compliance & Enforcement Committee Chair : MICC Secretariat : MICC E-Sovereignty Committee Chair : Y.A.B. Deputy Prime Minister Secretariat: NSC National IT Council (NITC) Chair : Y.A.B. Prime Minister Secretariat: MOSTI POLICY   CONTENT   CRISIS   MANAGEMENT   LEGISLATION   ACCULTURATION  &   CAPACITY  BUILDING   COMPLIANCE  &   ENFORCEMENT   Pt 1: Effective Governance ORGANIZATION STRUCTURE 10
Copyright © 2013 CyberSecurity Malaysia 11 •  MAMPU •  National Security Council •  Attorney General’s Chambers •  Chief Government Security Office •  Ministry of Science, Technology & Innovation •  Ministry of Defense •  Ministry of Foreign Affairs •  Ministry of Energy, Green Technology & Water •  Ministry of Information, Communication & Culture •  Ministry of Transportation •  Ministry of Home Affairs •  Royal Malaysian Police •  Southeast Asia Regional Center for Counter-Terrorism •  Bank Negara Malaysia •  National Water Services Commission •  Malaysian Communication & Multimedia Commission •  Energy Commission •  Securities Commission Malaysia •  Khazanah Nasional Berhad •  CyberSecurity Malaysia •  MIMOS Berhad •  Standards Malaysia Pt 1: Effective Governance NATIONAL COORDINATION COMMITTEE
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 12 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 13 Cyber Specific Laws Specific legislation governing online matters •  Communications and Multimedia Act 1998 •  Optical Disk Act 2000 •  Computer Crimes Act 1997 •  Digital Signature Act 1997 •  Telemedicine Act 1997 •  Electronic Commerce Act 2006 •  Electronic Government’s Activities Act 2007 •  Personal Data Protection Act 2010 Non Cyber Specific Laws Legislation that may be used to regulate online matters whenever applicable •  Copyright Act 1987 •  Sedition Act 1948 •  Penal Code •  Defamation Act 1957 Pt 2: Legislative & Regulatory Framework CYBER LAWS OF MALAYSIA Reduction of & increased in success in, the prosecution in cyber crime.
Copyright © 2013 CyberSecurity Malaysia 14 A study on the laws of Malaysia to accommodate legal challenges in the Cyber Environment 14 Pt 2: Legislative & Regulatory Framework CYBER LAW REVIEW STUDY
Copyright © 2013 CyberSecurity Malaysia 15 Pt 2: Legislative & Regulatory Framework CYBER LAW REVIEW STUDY
Copyright © 2013 CyberSecurity Malaysia 16 Pt 2: Legislative & Regulatory Framework AMENDMENTS – EVIDENCE ACT
Copyright © 2013 CyberSecurity Malaysia 17 DIGITAL FORENSICS LAB ANALYZE & INVESTIGATE DIGITAL EVIDENCE DATA RECOVERY LAB RECOVER CORRUPTED & DELETED DATA EXPERT DEVELOPMENT LAB PLATFORM FOR RESEARCH & JOB ATTACHMENT EVIDENCE PRESERVATION FACILITY A SECURE ENVIRONMENT FOR DIGITAL EVIDENCE CyberCSI™ Pt 2: Legislative & Regulatory Framework DIGITAL FORENSICS
Copyright © 2013 CyberSecurity Malaysia 18 Notification of Declaration under Subsection 399(2) - Digital Forensics Analyst Pt 2: Legislative & Regulatory Framework EXPERT WITNESS
Copyright © 2013 CyberSecurity Malaysia MODULES LEVEL 1 Information Security Essentials Fundamental 2 ISMS Essentials Fundamental 3 Digital Forensics Essentials Fundamental 4 Forensics on Internet Application Fundamental 5 Digital Forensics for First Responder Intermediate DIGITAL FORENSICS MODULES Duration: 11 days   19 Pt 2: Legislative & Regulatory Framework DIGITAL FORENSICS TRAINING
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 20 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia §  Guidelines: Computer Security Handbook, ICT Outsourcing Information Security §  Best practices: Social Networking, Protecting Your Mobile Device §  3rd Party Information Security Assessment Guideline §  Wireless Local Area Network (LAN) Security Guideline §  Joint development of the National Cyber Crisis Management Plan (NCCMP) with National Security Council. §  Business Continuity Management (BCM) implementation for organization. §  Development of Information Security Standards at the national level. §  Information Security Management System (ISMS) certification programme for Critical National Information Infrastructure (CNII) agencies. §  Develop Information Security Guidelines and Best Practices. 21 Pt 3: Cyber Security Technology Framework SECURITY MANAGEMENT BEST PRACTICES Expansion of national certification scheme for infosec mgmt & assurance
Copyright © 2013 CyberSecurity Malaysia Phase 2 – Building the Infrastructure SECURITY STANDARDS MODULES LEVEL 1 Information Security Essentials Fundamental 2 ISMS Essentials Fundamental 3 ISMS Implementation Intermediate 4 ISMS Internal Auditor Advance ISO 27001 Information Security Management System Duration: 9 days   ISO/IEC 27001 Information Security Management – Confidential Information Remain Confidential 22
Copyright © 2013 CyberSecurity Malaysia SECURITY ASSURANCE OFFERS 2 TYPES OF SERVICE FOR THE ENHANCEMENT OF NATIONAL INFORMATION SECURITY ASSURANCE : MyVAC (National Vulnerability Assessment Center) MySEF (Malaysian ICT Security Evaluation Facilities) •  Vulnerability Assessment And Penetration Testing Services for CNII sectors •  Common Criteria (CC) evaluation service •  Security Assessment for control system (SCADA/DCS) •  ICT Product Security Assessment (IPSA) service •  Common Criteria (CC) Protection Profile (PP) evaluation service 23 Pt 3: Cyber Security Technology Framework ASSESSMENT & ASSUARANCE
Copyright © 2013 CyberSecurity Malaysia CERTIFICATE AUTHORISING PARTICIPANTS CERTIFICATE CONSUMING PARTICIPANTS •  Participants that represent a compliant Certification Body •  Mutually recognizes certified products/systems produced by the Certificate Authorising Participants based on ISO/IEC 15408 Participants that have a national interest in recognising CC certificates produced by the Certificate Authorising Participants based on ISO/IEC 15408 CCRA is an international recognition arrangement for Common Criteria Standard (ISO/IEC 15408) CyberSecurity Malaysia is the National Certification Body - Malaysian Common Criteria Certification Body (MyCB) ITALY   JAPAN   NETHERLANDS   SWEDEN   TURKEY   NEW    ZEALAND   AUSTRALIA   UNITED  KINGDOM   CANADA   FRANCE   UNITED  STATES   GERMANY   SPAIN  REP.  OF  KOREA  NORWAY   AUSTRIA   GREECE  FINLAND  DENMARK  CZECH  REP   HUNGARY   SINGAPORE  PAKISTAN  ISRAEL  INDIA   24 Pt 3: Cyber Security Technology Framework COMMON CRITERIA RECOGNITION ARRANGEMENT  
Copyright © 2013 CyberSecurity Malaysia 1.  International collaboration in the area of CERT in the Asia Pacific region and OIC countries. 2.  Coordinate the implementation of the NCSP. 3.  Secretariat for the Operational Task Force under National Security Council. 4.  Secretariat for the NC3 chaired by National Security Council 1.  Cyber media research 2.  Cyber War Research 3.  Development of National Cryptography Policy 4.  Cyber Laws Study 5.  Co-Chair for CSCAP Study Group on Cyber Security that includes the Issues of Transnational Cyber Crime 6.  Co-Leading Nation for ASEAN Regional Forum in Counter Radicalization Work Plan for Counter-Terrorism & Transnational Crime in collaboration with Ministry of Foreign Affairs 25 Pt 3: Cyber Security Technology Framework STRATEGIC RESEARCH & ENGAGEMENT  
Copyright © 2013 CyberSecurity Malaysia CYBER CONFLICTS Tactics • Cyber espionage • Web vandalism • Propaganda • Gathering data • Distributed Denial-of-Service Attacks • Equipment disruption • Attacking critical infrastructure • Compromised Counterfeit Hardware (source: http://en.wikipedia.org/wiki/Cyberwarfare) 26 Emerging Threats Pt 3: Cyber Security Technology Framework STRATEGIC RESEARCH & ENGAGEMENT  
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 27 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 28 Pt 4: Culture Of Cyber Security & Capacity Bldg IT’S ABOUT PEOPLE
Copyright © 2013 CyberSecurity Malaysia 29 An area where today’s youth are at greatest risk is social networking http://www.jdpower.com/autos/car-photos/ Identity-Theft/Identity-Theft/2009 Pt 4: Culture Of Cyber Security & Capacity Bldg PEOPLE – WEAKEST LINK
Copyright © 2013 CyberSecurity Malaysia 30 National Strategy for Cyber Security Acculturation and Capacity Building Program Pt 4: Culture Of Cyber Security & Capacity Bldg CYBER SECURITY ACCULTURATION & CAPACITY BLDG Reduced no. of InfoSec incidents through improved awareness & skill level
Copyright © 2013 CyberSecurity Malaysia §  Man behind the machine is the critical factor Current Ratio of Professionals : Internet User 1 : 8,924 Target 1:1,500 (Conduct Study to determine number of Info Pro) "   Help nurture the information security workforce with the required knowledge and skills by providing information security competency and capability courses and certifications. "   Through strategic collaborations with reputable organizations in Malaysia and international accreditation institutions this program is accomplished. "   Malaysia requires sufficient skilled people to deal with sophisticated cyber threats & uncertainty of cyber space. 31 Pt 4: Culture Of Cyber Security & Capacity Bldg CAPACITY BLDG – INFOSEC PRO DEVELOPMENT
Copyright © 2013 CyberSecurity Malaysia PROFESSIONAL COURSES • Business Continuity Management Professional Certification (BCLE2000) • Certified Information System Security Professional (CISSP) CBK Review Seminar • Certified Secure System Lifecycle Professional (CSSLP) • ISO 27001 Lead Auditor • Professional in Critical Information Infrastructure Protection (PCIP) • System Security Certified Practitioner (SSCP) CBK Review Seminar SPECIALIZED COURSES • Digital Forensics for Law Practitioner • Forensics on Internet Applications • ISO 27001 Internal Auditor INTERMEDIATE COURSES • Cryptography for Information Security Professional • Digital Forensic for First Responder • Incident Response & Handling for Computer Security & Incident Response Team (CSIRTS) • Incident Handling and Network Security Training (IHNS) • ISO 27001 Implementation • MyCC 2.0 - Foundation Evaluator Training FUNDAMENTAL COURSES • Business Continuity Management For Beginners • Cryptography for Beginners • CSM Security Essential Training • Data Encryption for Beginners • Digital Forensics Essential • Google-Fu Power Search Technique 32 Pt 4: Culture Of Cyber Security & Capacity Bldg TRAINING COURSES
Copyright © 2013 CyberSecurity Malaysia 33 CyberSecurity  Malaysia’s   CyberSAFE   Cyber  Security  Awareness  For  Everyone    PROGRAM   •   It  is  everyone’s  responsibility     •   To  explore  smart  partnership            CyberSecurity  Malaysia  and  YOU   Pt 4: Culture Of Cyber Security & Capacity Bldg AWARENESS
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 34 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia Development of the National R&D Roadmap for Self Reliance in Cyber Security Technologies is facilitated by MIMOS Berhad, a Government R&D institution 35 To Identify Technologies That Are Relevant and Desirable by the CNII To Promote Collaboration with International Centres of Excellence To Provide Domain Competency Development To Nurture the Growth of Local Cyber Security Industry To Update the National R&D Roadmap Pt 5: Research & Development Towards Self Reliance R & D ROADMAP Acceptance & utilization of local developed info security products
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 36 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 37 •  To study the need to introduce a Cyber Security Safety Standards Act to ensure mandatory compliance by CNII to ISMS Standards (ISO27001) and other selected standards. •  Audit and certification of ISMS compliance of CNIIs within 3 years from the date of Cabinet mandate 24 Feb 2010 Ensure  Mandatory   Compliance  to   Informa;on   Security  Standards   by  CNII   • Government Agencies dialogue session to implement ISMS compliance for CNIIs • ISMS (ISO/IEC-27001) training and workshops for CNIIs and regulatory bodies • CNII Information Security Standards Adoption Program Capability  and   Awareness     Programmes  for   CNIIs • Local Developers to obtain products certification under ISO 15408 (Common Criteria EAL2) • Develop Cyber Security Industry Directory to list Malaysian IT security companies, products and IT security professionals • Cyber Security Trade Event to promote locally developed products under Common Criteria (Nov2012) Facilitate  Industry   Development   In progress Case  for  change:   n Cabinet  mandate  for  CNII  organizaTons   to  obtain  ISMS  cerTficaTon  within  3   years  24  Feb  2010   n CriTcal  NaTonal  InformaTon   Infrastructure  (CNII)  exposed  to  cyber   threats   n Lack  of  compliance  to  informaTon   security  standards  (eg  ISMS  27001)   amongst  CNII   n Weak  ecosystem  of  local  industry  to   support  the  requirements  of  CNII  e.g.   Products  cerTfied  under  Common   Criteria   RecommendaTon:   n Ensure  mandatory  compliance  of    ISMS   Standards  for  CNII   n Capability  and  Awareness  for  CNIIs   n Facilitate  Industry  Development   *  CollaboraTon  with  PEMANDU   (Performance  Management  and   Delivery  Unit)  SRI  (Strategic  Reform   IniTaTve)   In progress In progress Pt 6: Compliance & Enforcement STANDARDS & GUIDELINES Strengthen or include infosec enforcement role in all CNII regulatorsI
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 38 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia  Number  of  cyber  security  incidents  referred  to  CyberSecurity  Malaysia  31  Aug   2012  (excluding  spams)   INCIDENTS §  Intrusion §  Intrusion Attempt §  Spam §  DOS §  Cyber Harassment §  Fraud §  Content Related §  Malicious Code §  Vulnerabilities Report 39 As of 30th April 2013 CNII resilience against cyber crime, terrorism, info warfare Pt 7: Cybersecurity Emergency Readiness CYBER INCIDENTS 1997 - 2012
Copyright © 2013 CyberSecurity Malaysia 0   100   200   300   400   500   600   2002   2003   2004   2005   2006   2007   2008   2009   2010   2011   2012   30   58   49   48   91   105   137   190   172   131   59  13   5   20   45   41   116   160   212   428   442   349   Forensic  Analysis   Data  recovery   •  75% cases - from law enforcement agencies (PDRM, BNM, AG, SKMM etc). •  Types of cases – Financial Fraud, Sexual Assault, National threats, etc. [  As  of  31st  August  2012  ]   43   63 93 69 132 221 297 600 402 573 408 40 Pt 7: Cybersecurity Emergency Readiness DIGITAL FORENSICS CASES (2002 – 2012)
Copyright © 2013 CyberSecurity Malaysia 41 Cyber999™ Cyber Early Warning Services 1. Incident Handling 2. Cyber Early Warning 3. Technical Coordination Centre 4. Malware Research Center §  Email o  cyber999@cybersecurity.my o  mycert@mycert.org.my §  Phone o  +603 8992 6969 o  1 300 88 2999 §  Fax o  +603 8945 3442 §  SMS o  15888 Cyber999 Report §  Mobile (24x7) o  +6019 266 5850 §  Online – http://www.mycert.org.my §  Office Hours – MYT 0830 - 1730 Pt 7: Cybersecurity Emergency Readiness COMPUTER EMERGENCY RESPONSE TEAM
Copyright © 2013 CyberSecurity Malaysia 42 Emerging   Threats   LebahNet   Project   Malware   Research   Threats   VisualizaTon   Advisory  &   Alerts     EXPLOIT ADVISORIES & ALERTS §  Software vulnerabilities (advisories) §  0 day vulnerabilities §  Patch & upgrades OUTBREAKS ALERTS §  H1N1 flu §  Trojan-Michael Jackson Death §  Conficker §  IE/Acrobat/Office/Flash 0 day MA-321.072012 : MyCERT Alert - Microsoft Security Bulletin Summary For July 2012 21/06/2012 MA-320.062012 : MyCERT Alert - Critical Vulnerability in Microsoft XML Core Services 19/06/2012 MA-319.062012 : MyCERT Alert - Increase in Web Defacement Incidents 13/06/2012 MA-318.062012 : MyCERT Alert - Microsoft Security Bulletin Summary For June 2012 13/06/2012 MA-317.062012 : MyCERT Alert - Oracle Java SE Critical Patch Update Advisory - June 2012 11/06/2012 MA-316.062012 : MyCERT Alert - Critical Vulnerability in MySQL and MariaDB 11/06/2012 MA-315.062012 : MyCERT Alert - Critical Vulnerability in Adobe Flash Player 07/06/2012 Pt 7: Cybersecurity Emergency Readiness MALWARE RESEARCH CENTER
Copyright © 2013 CyberSecurity Malaysia Incident Handling Technical Coordination Centre MODULES LEVEL 1 Information Security Essentials Fundamental 2 ISMS Essentials Fundamental 3 Incident Handling & Network Security (IHNS) Intermediate 4 Ethical Hacking and Penetration Testing Intermediate 5 Security Audit and Assessment Intermediate INCIDENT HANDLING MODULES Duration: 13 days   43 Pt 7: Cybersecurity Emergency Readiness COMPUTER EMERGENCY RESPONSE TEAM
Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Communications & Multimedia 1 2 3 4 5 6 7 8 44 National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 45 APCERT OIC-CERT ENGAGE Participate in relevant cyber security meetings and events to promote Malaysia’s positions and interests in the said meetings and events PRIORITIZE Evaluate Malaysia’s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests LEADERSHIP Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia’s image and promote Malaysia’s interests Pt 8: International Collaboration MISSIONS International branding on CNII protection with improved awareness & skill level
Copyright © 2013 CyberSecurity Malaysia q  The National Cyber Security Policy is a holistic approach for cyber defence of the CNIIs and the nation. q  Encouraging Public Private Cooperation as essential element in mitigating cyber threats q  Commitment from stakeholders is critical in ensuring the success of the policy’s implementation. 46 NATIONAL CYBER SECURITY POLICY In Conclusion
Copyright © 2013 CyberSecurity Malaysia 47

Empfohlen

Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
Faheem Ul Hasan
 
IT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation SlidesIT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation Slides
SlideTeam
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
Inderjeet Singh
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
Vaughan Olufemi ACIB, AICEN, ANIM
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management System
Daniel Suchy, CPP, MSyI
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
Uday Bhaskarwar
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 

Empfohlen

Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
Faheem Ul Hasan
 
IT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation SlidesIT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation Slides
SlideTeam
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
Inderjeet Singh
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
Vaughan Olufemi ACIB, AICEN, ANIM
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management System
Daniel Suchy, CPP, MSyI
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
Uday Bhaskarwar
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 
Power point cybercrime
Power point cybercrimePower point cybercrime
Power point cybercrime
12698
 
Legal and ethical aspects
Legal and ethical aspectsLegal and ethical aspects
Legal and ethical aspects
CAS
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Tushar Nikam
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
Eryk Budi Pratama
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Innocent Korie
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management
SHRIYARAI4
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
fmi_igf
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Vaishak Chandran
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
Indian Air Force
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
PECB
 
PPT-Security-for-Management.pptx
PPT-Security-for-Management.pptxPPT-Security-for-Management.pptx
PPT-Security-for-Management.pptx
RSAArcher
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001
CUNIX INDIA
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
cyber security
cyber securitycyber security
cyber security
BasineniUdaykumar
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
k33a
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Sanket Gogoi
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
Saurabh Kheni
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
 
Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasional
Edi Suryadi
 
Data Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and securityData Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and security
Ethical Sector
 

Weitere ähnliche Inhalte

Was ist angesagt?

Power point cybercrime
Power point cybercrimePower point cybercrime
Power point cybercrime
12698
 

Was ist angesagt? (20)

Power point cybercrime
Power point cybercrimePower point cybercrime
Power point cybercrime
 
Legal and ethical aspects
Legal and ethical aspectsLegal and ethical aspects
Legal and ethical aspects
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
 
PPT-Security-for-Management.pptx
PPT-Security-for-Management.pptxPPT-Security-for-Management.pptx
PPT-Security-for-Management.pptx
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
cyber security
cyber securitycyber security
cyber security
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 

Ähnlich wie Malaysia's National Cyber Security Policy

Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasional
Edi Suryadi
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
Zsolt Nemeth
 
Malaysia National IoT Strategic Roadmap
Malaysia National IoT Strategic RoadmapMalaysia National IoT Strategic Roadmap
Malaysia National IoT Strategic Roadmap
Dr. Mazlan Abbas
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabe
segughana
 
Mich_Cyber_Initiative_2015
Mich_Cyber_Initiative_2015Mich_Cyber_Initiative_2015
Mich_Cyber_Initiative_2015
Rob Blackwell
 

Ähnlich wie Malaysia's National Cyber Security Policy (20)

Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasional
 
Data Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and securityData Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and security
 
Final national cyber security strategy november 2014
Final national cyber security strategy november 2014Final national cyber security strategy november 2014
Final national cyber security strategy november 2014
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
ICOCI2013: Keynotes 1
ICOCI2013: Keynotes 1ICOCI2013: Keynotes 1
ICOCI2013: Keynotes 1
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
 
ICT development in Malaysia
ICT development in MalaysiaICT development in Malaysia
ICT development in Malaysia
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditor
 
Karlene Francis
Karlene FrancisKarlene Francis
Karlene Francis
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber Defence
 
Cyber Security Strategies in UAE.pdf
Cyber Security Strategies in UAE.pdfCyber Security Strategies in UAE.pdf
Cyber Security Strategies in UAE.pdf
 
Malaysia National IoT Strategic Roadmap
Malaysia National IoT Strategic RoadmapMalaysia National IoT Strategic Roadmap
Malaysia National IoT Strategic Roadmap
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
NGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNasNGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNas
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
 
Harshad Katikar Raya Al Mohammed The Annual IT for Government Dubai Summit 2012
Harshad Katikar Raya Al Mohammed The Annual IT for Government Dubai Summit 2012 Harshad Katikar Raya Al Mohammed The Annual IT for Government Dubai Summit 2012
Harshad Katikar Raya Al Mohammed The Annual IT for Government Dubai Summit 2012
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru Pillay
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabe
 
Mich_Cyber_Initiative_2015
Mich_Cyber_Initiative_2015Mich_Cyber_Initiative_2015
Mich_Cyber_Initiative_2015
 

Mehr von Directorate of Information Security | Ditjen Aptika

Mehr von Directorate of Information Security | Ditjen Aptika (20)

Sosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor KesehatanSosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor Kesehatan
 
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan TelekomunikasiSosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
 
Sosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor TranportasiSosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor Tranportasi
 
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan UdaraSosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
 
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan BatubaraSosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
 
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang KetenagalistrikanSosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
 
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
 
Fetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelolaFetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelola
 
Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118
 
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasiStandar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made WiryawanDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior LazuardiDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim GautamaDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
 
Teguh arifiyadi ls skse
Teguh arifiyadi ls skseTeguh arifiyadi ls skse
Teguh arifiyadi ls skse
 
Konny sagala skema kelaikan se
Konny sagala skema kelaikan seKonny sagala skema kelaikan se
Konny sagala skema kelaikan se
 
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronikIntan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
 
Uji Publik RPM SMPI Fetri Miftah
Uji Publik RPM SMPI Fetri MiftahUji Publik RPM SMPI Fetri Miftah
Uji Publik RPM SMPI Fetri Miftah
 
RPM SMPI 20150805 Hasim Gautama
RPM SMPI 20150805 Hasim GautamaRPM SMPI 20150805 Hasim Gautama
RPM SMPI 20150805 Hasim Gautama
 
SNI ISO 27001 Anwar Siregar
SNI ISO 27001 Anwar SiregarSNI ISO 27001 Anwar Siregar
SNI ISO 27001 Anwar Siregar
 
RPM SMPI
RPM SMPIRPM SMPI
RPM SMPI
 

Kürzlich hochgeladen

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Kürzlich hochgeladen (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Malaysia's National Cyber Security Policy

  • 1. Copyright © 2013 CyberSecurity Malaysia MALAYSIA’S NATIONAL CYBER SECURITY POLICY An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection 10 September 2013 Bandung, Indonesia MOHD SHAMIR B HASHIM Vice President Government and Multilateral Engagement
  • 2. Copyright © 2013 CyberSecurity Malaysia §  Critical infrastructures are increasingly dependent on information and communication. §  The potential natural disasters or terrorist attacks, which threaten the critical infrastructure and critical information infrastructure as well, are dramatically increasing today. §  Risks to the CIIs include man-made attacks, natural disasters and technical failures. §  The high dependence on CNIIs, their cross-border interconnectedness and interdependencies with other infrastructures, as well as the vulnerabilities and threats they face raise the need to address their security and resilience in a systematic perspective as the frontline of defense against failures and attacks. Cyber Threats CRITICAL INFORMATION INFRASTRUCTURES POWER GENERATION SERVICES DISTRIBUTION Interdependencies The high degree of interdependency between the critical infrastructure sectors means failures in one sector can propagate into others. 2
  • 3. Copyright © 2013 CyberSecurity Malaysia Cyber  Content  Related  Threats  Technology    Related  Threats     Hack Threat Fraud Denial of Service Attack Intrusion Malicious Code Harassment Threats to National Security Sedition / Defamation Online Porn Hate Speech 3 Cyber Threats CLASIFICATIONS
  • 4. Copyright © 2013 CyberSecurity Malaysia 4 2005   National Cyber Security Policy formulated by MOSTI NCSP Adoption and Implementation 2006   CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 Aug 2007 2007  The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets NCSP Objectives Address The Risks To The Critical National Information Infrastructure Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks Develop And Establish A Comprehensive Program And A Series Of Frameworks Cyber Security Governance NATIONAL CYBER SECURITY POLICY 4
  • 5. Copyright © 2013 CyberSecurity Malaysia VISION Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation 5 DEFENCE & SECURITY • Ministry of Defense, Military • Ministry of Home Affairs, Police TRANSPORTATION • Ministry of Transport BANKING & FINANCE • Ministry of Finance • Central Bank • Securities Commission HEALTH SERVICES • Ministry of Health EMERGENCY SERVICES Ministry of Housing & Local Municipality CRITICAL NATIONAL INFORMATION INFRASTRUCTURE Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on • National Defense & Security • National Economic Strength • National Image • Government capability to function • Public Health & Safety ENERGY • Energy Commission INFORMATION & COMMUNICATIONS • Ministry of Communications & Multimedia GOVERNMENT • Malaysia Administrative, Modernisation and Management Planning Unit FOOD & AGRICULTURE • Ministry of Agriculture WATER • National Water Service Commission National Cyber Security Policy CNII SECTORS
  • 6. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 6 National Cyber Security Policy POLICY THRUST
  • 7. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 7 National Cyber Security Policy POLICY THRUST
  • 8. Copyright © 2013 CyberSecurity Malaysia CyberSecurity Malaysia (www.cybersecurity.my) A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION (www.mosti.gov.my). Pt 1: Effective Governance CYBERSECURITY MALAYSIA Ministerial Function Act1969, Amendment 2009 Provides specialised ICT security services and continuously identifies possible areas that may be detrimental to national security Cabinet Notes 2005 Ministry of Finance and Ministry of Science, Technology & Innovation CyberSecurity Malaysia as a National Body to monitor aspects of the National e- Security VISION To be a globally recognised National Cyber Security Reference and Specialist Centre by 2020 MISSION Creating and Sustaining a Safer Cyberspace to Promote National Sustainability, Social Well-Being and Wealth Creation 8 Establishment of a national info security coordination centre
  • 9. Copyright © 2013 CyberSecurity Malaysia STRATEGY ENGAGEMENT & RESEARCH INFO SECURITY PROFESSIONAL DEVELOPMENT & OUTREACH SECURITY QUALITY MANAGEMENT SERVICES CYBER SECURITY EMERGENCY SERVICES Digital Forensics Security Management & Best Practices Info Security Professional Development Outreach Strategy Engagement Research Information Security Certification Body CyberSecurity Malaysia CORE FUNCTIONS / SERVICES Security Assurance Security Incident Handling 9
  • 10. Copyright © 2013 CyberSecurity Malaysia National Security Council Chair : Y.A.B. Prime Minister Secretariat: NSC E-Sovereignty Working Group Chair : Under Secretary of NSC National Cyber Security Coordination Committee Chair : NSC Secretariat : NSC Government Communication Strategy Enhancement Committee Chair : PMO Secreatriat : BHEUU National Cyber Crisis Coordination Committee Chair : PMO Secretariat : NSC Cyber Law Committee Chair : AGC Secretariat : AGC National Acculturation & Capacity Building Committee Chair : MOSTI Secretariat : MOSTI MICC compliance & Enforcement Committee Chair : MICC Secretariat : MICC E-Sovereignty Committee Chair : Y.A.B. Deputy Prime Minister Secretariat: NSC National IT Council (NITC) Chair : Y.A.B. Prime Minister Secretariat: MOSTI POLICY   CONTENT   CRISIS   MANAGEMENT   LEGISLATION   ACCULTURATION  &   CAPACITY  BUILDING   COMPLIANCE  &   ENFORCEMENT   Pt 1: Effective Governance ORGANIZATION STRUCTURE 10
  • 11. Copyright © 2013 CyberSecurity Malaysia 11 •  MAMPU •  National Security Council •  Attorney General’s Chambers •  Chief Government Security Office •  Ministry of Science, Technology & Innovation •  Ministry of Defense •  Ministry of Foreign Affairs •  Ministry of Energy, Green Technology & Water •  Ministry of Information, Communication & Culture •  Ministry of Transportation •  Ministry of Home Affairs •  Royal Malaysian Police •  Southeast Asia Regional Center for Counter-Terrorism •  Bank Negara Malaysia •  National Water Services Commission •  Malaysian Communication & Multimedia Commission •  Energy Commission •  Securities Commission Malaysia •  Khazanah Nasional Berhad •  CyberSecurity Malaysia •  MIMOS Berhad •  Standards Malaysia Pt 1: Effective Governance NATIONAL COORDINATION COMMITTEE
  • 12. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 12 National Cyber Security Policy POLICY THRUST
  • 13. Copyright © 2013 CyberSecurity Malaysia 13 Cyber Specific Laws Specific legislation governing online matters •  Communications and Multimedia Act 1998 •  Optical Disk Act 2000 •  Computer Crimes Act 1997 •  Digital Signature Act 1997 •  Telemedicine Act 1997 •  Electronic Commerce Act 2006 •  Electronic Government’s Activities Act 2007 •  Personal Data Protection Act 2010 Non Cyber Specific Laws Legislation that may be used to regulate online matters whenever applicable •  Copyright Act 1987 •  Sedition Act 1948 •  Penal Code •  Defamation Act 1957 Pt 2: Legislative & Regulatory Framework CYBER LAWS OF MALAYSIA Reduction of & increased in success in, the prosecution in cyber crime.
  • 14. Copyright © 2013 CyberSecurity Malaysia 14 A study on the laws of Malaysia to accommodate legal challenges in the Cyber Environment 14 Pt 2: Legislative & Regulatory Framework CYBER LAW REVIEW STUDY
  • 15. Copyright © 2013 CyberSecurity Malaysia 15 Pt 2: Legislative & Regulatory Framework CYBER LAW REVIEW STUDY
  • 16. Copyright © 2013 CyberSecurity Malaysia 16 Pt 2: Legislative & Regulatory Framework AMENDMENTS – EVIDENCE ACT
  • 17. Copyright © 2013 CyberSecurity Malaysia 17 DIGITAL FORENSICS LAB ANALYZE & INVESTIGATE DIGITAL EVIDENCE DATA RECOVERY LAB RECOVER CORRUPTED & DELETED DATA EXPERT DEVELOPMENT LAB PLATFORM FOR RESEARCH & JOB ATTACHMENT EVIDENCE PRESERVATION FACILITY A SECURE ENVIRONMENT FOR DIGITAL EVIDENCE CyberCSI™ Pt 2: Legislative & Regulatory Framework DIGITAL FORENSICS
  • 18. Copyright © 2013 CyberSecurity Malaysia 18 Notification of Declaration under Subsection 399(2) - Digital Forensics Analyst Pt 2: Legislative & Regulatory Framework EXPERT WITNESS
  • 19. Copyright © 2013 CyberSecurity Malaysia MODULES LEVEL 1 Information Security Essentials Fundamental 2 ISMS Essentials Fundamental 3 Digital Forensics Essentials Fundamental 4 Forensics on Internet Application Fundamental 5 Digital Forensics for First Responder Intermediate DIGITAL FORENSICS MODULES Duration: 11 days   19 Pt 2: Legislative & Regulatory Framework DIGITAL FORENSICS TRAINING
  • 20. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 20 National Cyber Security Policy POLICY THRUST
  • 21. Copyright © 2013 CyberSecurity Malaysia §  Guidelines: Computer Security Handbook, ICT Outsourcing Information Security §  Best practices: Social Networking, Protecting Your Mobile Device §  3rd Party Information Security Assessment Guideline §  Wireless Local Area Network (LAN) Security Guideline §  Joint development of the National Cyber Crisis Management Plan (NCCMP) with National Security Council. §  Business Continuity Management (BCM) implementation for organization. §  Development of Information Security Standards at the national level. §  Information Security Management System (ISMS) certification programme for Critical National Information Infrastructure (CNII) agencies. §  Develop Information Security Guidelines and Best Practices. 21 Pt 3: Cyber Security Technology Framework SECURITY MANAGEMENT BEST PRACTICES Expansion of national certification scheme for infosec mgmt & assurance
  • 22. Copyright © 2013 CyberSecurity Malaysia Phase 2 – Building the Infrastructure SECURITY STANDARDS MODULES LEVEL 1 Information Security Essentials Fundamental 2 ISMS Essentials Fundamental 3 ISMS Implementation Intermediate 4 ISMS Internal Auditor Advance ISO 27001 Information Security Management System Duration: 9 days   ISO/IEC 27001 Information Security Management – Confidential Information Remain Confidential 22
  • 23. Copyright © 2013 CyberSecurity Malaysia SECURITY ASSURANCE OFFERS 2 TYPES OF SERVICE FOR THE ENHANCEMENT OF NATIONAL INFORMATION SECURITY ASSURANCE : MyVAC (National Vulnerability Assessment Center) MySEF (Malaysian ICT Security Evaluation Facilities) •  Vulnerability Assessment And Penetration Testing Services for CNII sectors •  Common Criteria (CC) evaluation service •  Security Assessment for control system (SCADA/DCS) •  ICT Product Security Assessment (IPSA) service •  Common Criteria (CC) Protection Profile (PP) evaluation service 23 Pt 3: Cyber Security Technology Framework ASSESSMENT & ASSUARANCE
  • 24. Copyright © 2013 CyberSecurity Malaysia CERTIFICATE AUTHORISING PARTICIPANTS CERTIFICATE CONSUMING PARTICIPANTS •  Participants that represent a compliant Certification Body •  Mutually recognizes certified products/systems produced by the Certificate Authorising Participants based on ISO/IEC 15408 Participants that have a national interest in recognising CC certificates produced by the Certificate Authorising Participants based on ISO/IEC 15408 CCRA is an international recognition arrangement for Common Criteria Standard (ISO/IEC 15408) CyberSecurity Malaysia is the National Certification Body - Malaysian Common Criteria Certification Body (MyCB) ITALY   JAPAN   NETHERLANDS   SWEDEN   TURKEY   NEW    ZEALAND   AUSTRALIA   UNITED  KINGDOM   CANADA   FRANCE   UNITED  STATES   GERMANY   SPAIN  REP.  OF  KOREA  NORWAY   AUSTRIA   GREECE  FINLAND  DENMARK  CZECH  REP   HUNGARY   SINGAPORE  PAKISTAN  ISRAEL  INDIA   24 Pt 3: Cyber Security Technology Framework COMMON CRITERIA RECOGNITION ARRANGEMENT  
  • 25. Copyright © 2013 CyberSecurity Malaysia 1.  International collaboration in the area of CERT in the Asia Pacific region and OIC countries. 2.  Coordinate the implementation of the NCSP. 3.  Secretariat for the Operational Task Force under National Security Council. 4.  Secretariat for the NC3 chaired by National Security Council 1.  Cyber media research 2.  Cyber War Research 3.  Development of National Cryptography Policy 4.  Cyber Laws Study 5.  Co-Chair for CSCAP Study Group on Cyber Security that includes the Issues of Transnational Cyber Crime 6.  Co-Leading Nation for ASEAN Regional Forum in Counter Radicalization Work Plan for Counter-Terrorism & Transnational Crime in collaboration with Ministry of Foreign Affairs 25 Pt 3: Cyber Security Technology Framework STRATEGIC RESEARCH & ENGAGEMENT  
  • 26. Copyright © 2013 CyberSecurity Malaysia CYBER CONFLICTS Tactics • Cyber espionage • Web vandalism • Propaganda • Gathering data • Distributed Denial-of-Service Attacks • Equipment disruption • Attacking critical infrastructure • Compromised Counterfeit Hardware (source: http://en.wikipedia.org/wiki/Cyberwarfare) 26 Emerging Threats Pt 3: Cyber Security Technology Framework STRATEGIC RESEARCH & ENGAGEMENT  
  • 27. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 27 National Cyber Security Policy POLICY THRUST
  • 28. Copyright © 2013 CyberSecurity Malaysia 28 Pt 4: Culture Of Cyber Security & Capacity Bldg IT’S ABOUT PEOPLE
  • 29. Copyright © 2013 CyberSecurity Malaysia 29 An area where today’s youth are at greatest risk is social networking http://www.jdpower.com/autos/car-photos/ Identity-Theft/Identity-Theft/2009 Pt 4: Culture Of Cyber Security & Capacity Bldg PEOPLE – WEAKEST LINK
  • 30. Copyright © 2013 CyberSecurity Malaysia 30 National Strategy for Cyber Security Acculturation and Capacity Building Program Pt 4: Culture Of Cyber Security & Capacity Bldg CYBER SECURITY ACCULTURATION & CAPACITY BLDG Reduced no. of InfoSec incidents through improved awareness & skill level
  • 31. Copyright © 2013 CyberSecurity Malaysia §  Man behind the machine is the critical factor Current Ratio of Professionals : Internet User 1 : 8,924 Target 1:1,500 (Conduct Study to determine number of Info Pro) "   Help nurture the information security workforce with the required knowledge and skills by providing information security competency and capability courses and certifications. "   Through strategic collaborations with reputable organizations in Malaysia and international accreditation institutions this program is accomplished. "   Malaysia requires sufficient skilled people to deal with sophisticated cyber threats & uncertainty of cyber space. 31 Pt 4: Culture Of Cyber Security & Capacity Bldg CAPACITY BLDG – INFOSEC PRO DEVELOPMENT
  • 32. Copyright © 2013 CyberSecurity Malaysia PROFESSIONAL COURSES • Business Continuity Management Professional Certification (BCLE2000) • Certified Information System Security Professional (CISSP) CBK Review Seminar • Certified Secure System Lifecycle Professional (CSSLP) • ISO 27001 Lead Auditor • Professional in Critical Information Infrastructure Protection (PCIP) • System Security Certified Practitioner (SSCP) CBK Review Seminar SPECIALIZED COURSES • Digital Forensics for Law Practitioner • Forensics on Internet Applications • ISO 27001 Internal Auditor INTERMEDIATE COURSES • Cryptography for Information Security Professional • Digital Forensic for First Responder • Incident Response & Handling for Computer Security & Incident Response Team (CSIRTS) • Incident Handling and Network Security Training (IHNS) • ISO 27001 Implementation • MyCC 2.0 - Foundation Evaluator Training FUNDAMENTAL COURSES • Business Continuity Management For Beginners • Cryptography for Beginners • CSM Security Essential Training • Data Encryption for Beginners • Digital Forensics Essential • Google-Fu Power Search Technique 32 Pt 4: Culture Of Cyber Security & Capacity Bldg TRAINING COURSES
  • 33. Copyright © 2013 CyberSecurity Malaysia 33 CyberSecurity  Malaysia’s   CyberSAFE   Cyber  Security  Awareness  For  Everyone    PROGRAM   •   It  is  everyone’s  responsibility     •   To  explore  smart  partnership            CyberSecurity  Malaysia  and  YOU   Pt 4: Culture Of Cyber Security & Capacity Bldg AWARENESS
  • 34. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 34 National Cyber Security Policy POLICY THRUST
  • 35. Copyright © 2013 CyberSecurity Malaysia Development of the National R&D Roadmap for Self Reliance in Cyber Security Technologies is facilitated by MIMOS Berhad, a Government R&D institution 35 To Identify Technologies That Are Relevant and Desirable by the CNII To Promote Collaboration with International Centres of Excellence To Provide Domain Competency Development To Nurture the Growth of Local Cyber Security Industry To Update the National R&D Roadmap Pt 5: Research & Development Towards Self Reliance R & D ROADMAP Acceptance & utilization of local developed info security products
  • 36. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 36 National Cyber Security Policy POLICY THRUST
  • 37. Copyright © 2013 CyberSecurity Malaysia 37 •  To study the need to introduce a Cyber Security Safety Standards Act to ensure mandatory compliance by CNII to ISMS Standards (ISO27001) and other selected standards. •  Audit and certification of ISMS compliance of CNIIs within 3 years from the date of Cabinet mandate 24 Feb 2010 Ensure  Mandatory   Compliance  to   Informa;on   Security  Standards   by  CNII   • Government Agencies dialogue session to implement ISMS compliance for CNIIs • ISMS (ISO/IEC-27001) training and workshops for CNIIs and regulatory bodies • CNII Information Security Standards Adoption Program Capability  and   Awareness     Programmes  for   CNIIs • Local Developers to obtain products certification under ISO 15408 (Common Criteria EAL2) • Develop Cyber Security Industry Directory to list Malaysian IT security companies, products and IT security professionals • Cyber Security Trade Event to promote locally developed products under Common Criteria (Nov2012) Facilitate  Industry   Development   In progress Case  for  change:   n Cabinet  mandate  for  CNII  organizaTons   to  obtain  ISMS  cerTficaTon  within  3   years  24  Feb  2010   n CriTcal  NaTonal  InformaTon   Infrastructure  (CNII)  exposed  to  cyber   threats   n Lack  of  compliance  to  informaTon   security  standards  (eg  ISMS  27001)   amongst  CNII   n Weak  ecosystem  of  local  industry  to   support  the  requirements  of  CNII  e.g.   Products  cerTfied  under  Common   Criteria   RecommendaTon:   n Ensure  mandatory  compliance  of    ISMS   Standards  for  CNII   n Capability  and  Awareness  for  CNIIs   n Facilitate  Industry  Development   *  CollaboraTon  with  PEMANDU   (Performance  Management  and   Delivery  Unit)  SRI  (Strategic  Reform   IniTaTve)   In progress In progress Pt 6: Compliance & Enforcement STANDARDS & GUIDELINES Strengthen or include infosec enforcement role in all CNII regulatorsI
  • 38. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Information, Communications & Culture 1 2 3 4 5 6 7 8 38 National Cyber Security Policy POLICY THRUST
  • 39. Copyright © 2013 CyberSecurity Malaysia  Number  of  cyber  security  incidents  referred  to  CyberSecurity  Malaysia  31  Aug   2012  (excluding  spams)   INCIDENTS §  Intrusion §  Intrusion Attempt §  Spam §  DOS §  Cyber Harassment §  Fraud §  Content Related §  Malicious Code §  Vulnerabilities Report 39 As of 30th April 2013 CNII resilience against cyber crime, terrorism, info warfare Pt 7: Cybersecurity Emergency Readiness CYBER INCIDENTS 1997 - 2012
  • 40. Copyright © 2013 CyberSecurity Malaysia 0   100   200   300   400   500   600   2002   2003   2004   2005   2006   2007   2008   2009   2010   2011   2012   30   58   49   48   91   105   137   190   172   131   59  13   5   20   45   41   116   160   212   428   442   349   Forensic  Analysis   Data  recovery   •  75% cases - from law enforcement agencies (PDRM, BNM, AG, SKMM etc). •  Types of cases – Financial Fraud, Sexual Assault, National threats, etc. [  As  of  31st  August  2012  ]   43   63 93 69 132 221 297 600 402 573 408 40 Pt 7: Cybersecurity Emergency Readiness DIGITAL FORENSICS CASES (2002 – 2012)
  • 41. Copyright © 2013 CyberSecurity Malaysia 41 Cyber999™ Cyber Early Warning Services 1. Incident Handling 2. Cyber Early Warning 3. Technical Coordination Centre 4. Malware Research Center §  Email o  cyber999@cybersecurity.my o  mycert@mycert.org.my §  Phone o  +603 8992 6969 o  1 300 88 2999 §  Fax o  +603 8945 3442 §  SMS o  15888 Cyber999 Report §  Mobile (24x7) o  +6019 266 5850 §  Online – http://www.mycert.org.my §  Office Hours – MYT 0830 - 1730 Pt 7: Cybersecurity Emergency Readiness COMPUTER EMERGENCY RESPONSE TEAM
  • 42. Copyright © 2013 CyberSecurity Malaysia 42 Emerging   Threats   LebahNet   Project   Malware   Research   Threats   VisualizaTon   Advisory  &   Alerts     EXPLOIT ADVISORIES & ALERTS §  Software vulnerabilities (advisories) §  0 day vulnerabilities §  Patch & upgrades OUTBREAKS ALERTS §  H1N1 flu §  Trojan-Michael Jackson Death §  Conficker §  IE/Acrobat/Office/Flash 0 day MA-321.072012 : MyCERT Alert - Microsoft Security Bulletin Summary For July 2012 21/06/2012 MA-320.062012 : MyCERT Alert - Critical Vulnerability in Microsoft XML Core Services 19/06/2012 MA-319.062012 : MyCERT Alert - Increase in Web Defacement Incidents 13/06/2012 MA-318.062012 : MyCERT Alert - Microsoft Security Bulletin Summary For June 2012 13/06/2012 MA-317.062012 : MyCERT Alert - Oracle Java SE Critical Patch Update Advisory - June 2012 11/06/2012 MA-316.062012 : MyCERT Alert - Critical Vulnerability in MySQL and MariaDB 11/06/2012 MA-315.062012 : MyCERT Alert - Critical Vulnerability in Adobe Flash Player 07/06/2012 Pt 7: Cybersecurity Emergency Readiness MALWARE RESEARCH CENTER
  • 43. Copyright © 2013 CyberSecurity Malaysia Incident Handling Technical Coordination Centre MODULES LEVEL 1 Information Security Essentials Fundamental 2 ISMS Essentials Fundamental 3 Incident Handling & Network Security (IHNS) Intermediate 4 Ethical Hacking and Penetration Testing Intermediate 5 Security Audit and Assessment Intermediate INCIDENT HANDLING MODULES Duration: 13 days   43 Pt 7: Cybersecurity Emergency Readiness COMPUTER EMERGENCY RESPONSE TEAM
  • 44. Copyright © 2013 CyberSecurity Malaysia •  Effective GovernanceNational Security Council •  Legislation & Regulatory FrameworkAttorney General’s Office •  Cyber Security Technology Framework Ministry of Science, Technology and Innovation •  Culture of Security and Capacity Building Ministry of Science, Technology and Innovation •  Research & Development Towards Self Reliance Ministry of Science, Technology and Innovation •  Compliance & Enforcement Ministry of Information, Communications & Culture •  Cyber Security Emergency ReadinessNational Security Council •  International Collaboration Ministry of Communications & Multimedia 1 2 3 4 5 6 7 8 44 National Cyber Security Policy POLICY THRUST
  • 45. Copyright © 2013 CyberSecurity Malaysia 45 APCERT OIC-CERT ENGAGE Participate in relevant cyber security meetings and events to promote Malaysia’s positions and interests in the said meetings and events PRIORITIZE Evaluate Malaysia’s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests LEADERSHIP Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia’s image and promote Malaysia’s interests Pt 8: International Collaboration MISSIONS International branding on CNII protection with improved awareness & skill level
  • 46. Copyright © 2013 CyberSecurity Malaysia q  The National Cyber Security Policy is a holistic approach for cyber defence of the CNIIs and the nation. q  Encouraging Public Private Cooperation as essential element in mitigating cyber threats q  Commitment from stakeholders is critical in ensuring the success of the policy’s implementation. 46 NATIONAL CYBER SECURITY POLICY In Conclusion
  • 47. Copyright © 2013 CyberSecurity Malaysia 47