countries:malaysia:cyber_security
| countries:malaysia:cyber_security [2023/01/12 12:57] – wikiadmin | countries:malaysia:cyber_security [2023/01/20 18:13] (current) – wikiadmin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Malaysia Cyber Security Policies ====== | ||
| + | |||
| + | |||
| + | [[https:// | ||
| + | NACSA National Cyber Security Agency]] | ||
| + | |||
| + | The National Cyber Security Agency (NACSA) was officially established in February 2017 as the national lead agency for cyber security matters, with the objectives of securing and strengthening Malaysia' | ||
| + | |||
| + | |||
| + | |||
| + | [[https:// | ||
| + | Cyber Security Research]] | ||
| + | |||
| + | The Strategic Research Division of CyberSecurity Malaysia is responsible for developing, coordinating and stimulating a continuous research activity at CyberSecurity Malaysia within the cyber security domain. | ||
| + | |||
| + | |||
| + | [[https:// | ||
| + | Cybersecurity In Malaysia]] | ||
| + | |||
| + | |||
| + | [[https:// | ||
| + | Safeguarding Malaysia’s Cyberspace against Cyber Threats: | ||
| + | Contributions by CyberSecurity Malaysia]] | ||
| + | |||
| [[https:// | [[https:// | ||
| [[https:// | [[https:// | ||
|  |  | ||
| + | |||
| + | [[https:// | ||
| + | Malaysia’s National Cyber Security Policy | ||
| + | The Country’s Cyber Defence Initiatives]] | ||
| + | |||
| + | |||
| The Malaysian Cyber Security Framework (MyCSF) is a set of guidelines and best practices developed by the Cyber Security Agency of Malaysia (CSA) to help organizations in Malaysia protect their IT systems and data from cyber threats. The MyCSF framework is based on international standards such as ISO 27001 and provides a systematic approach for managing and implementing cyber security in an organization. It covers areas such as risk management, incident management, and compliance. The framework is intended for use by organizations of all sizes and industries, and is designed to be flexible and adaptable to the specific needs of each organization. | The Malaysian Cyber Security Framework (MyCSF) is a set of guidelines and best practices developed by the Cyber Security Agency of Malaysia (CSA) to help organizations in Malaysia protect their IT systems and data from cyber threats. The MyCSF framework is based on international standards such as ISO 27001 and provides a systematic approach for managing and implementing cyber security in an organization. It covers areas such as risk management, incident management, and compliance. The framework is intended for use by organizations of all sizes and industries, and is designed to be flexible and adaptable to the specific needs of each organization. | ||
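Review bot: the added NACSA paragraph at the top of this hunk names the National Cyber Security Agency (NACSA) as the national lead agency for cyber security, while the unchanged MyCSF paragraph below it credits the "Cyber Security Agency of Malaysia (CSA)" with the framework, and the page never says how the two relate. Suggest using one agency name throughout, or adding a sentence that states whether NACSA and CSA are the same body. The added link entries for "Cybersecurity In Malaysia" and the two titled papers carry a title only; a one-line description each, as given for NACSA and Cyber Security Research, would make the list consistent.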
| Line 11: | Line 41: | ||
| The CSA is headed by a Director General and is overseen by the Ministry of Communications and Multimedia. The agency is also responsible for the development of the Malaysian Cyber Security Framework, a set of guidelines and best practices for managing and implementing cyber security in organizations. | The CSA is headed by a Director General and is overseen by the Ministry of Communications and Multimedia. The agency is also responsible for the development of the Malaysian Cyber Security Framework, a set of guidelines and best practices for managing and implementing cyber security in organizations. | ||
| + | |||
| + | |||
| + | ASEAN members will invest US$171 billion collectively on Cybersecurity between 2017 and 2025. | ||
| + | |||
| + | Cybersecurity is a priority across the majority of economic sectors in Malaysia. The Government of Malaysia (GOM) launched the Malaysia Cyber Security Strategy (MCSS) 2020-2024, with an allocation of US$434 million to step up the national cybersecurity preparedness and upgrade the country’s cybersecurity measures. | ||
| + | |||
| + | The MCSS outlines five strategic pillars as guiding principles to improve the country’s cybersecurity management over the next five years. The first pillar is to boost national governance and cybersecurity management by improving Malaysia’s critical ICT infrastructure. The second pillar focuses on bolstering current cybersecurity laws by reviewing related legislation and formulating new laws on cybersecurity. The remaining pillars focus on empowering innovation, improving cybersecurity talents in Malaysia, and leveraging regional and international cooperation to protect its cyberspace. | ||
| + | |||
| + | In the current shifting landscape towards digitalization, | ||
| + | |||
| + | In response to the rising tide of cyber security threats in Malaysia, the Parliament has, over the years, passed a slew of cyber legislation to deal with activities in the cyberspace and to tackle cyber attacks. | ||
| + | |||
| + | There has yet to be a stand-alone cyber security legislation and there is no news that the Parliament is planning to enact one. In this article, we set out a brief description of the relevant cyber legislation and their relevance to cybersecurity as well as the cybersecurity framework that is currently in place in Malaysia. | ||
| + | |||
| + | Existing Laws That Deal with Cyber Security | ||
| + | |||
| + | Communications and Multimedia Act 1998 (“CMA”) | ||
| + | |||
| + | As the main cyber law in Malaysia, the CMA provides for and regulates the converging areas of communications and multimedia. | ||
| + | |||
| + | In particular, the CMA regulates various activities carried out by licensees (i.e. network facilities providers, network service providers, applications service providers and content applications service providers) as well as those utilising the services provided by licensees. One of the objects of the CMA is to ensure information security and network reliability and integrity in Malaysia. | ||
| + | |||
| + | Computer Crimes Act 1997 (“CCA”) | ||
| + | |||
| + | The CCA criminalizes the act of hacking, spreading of computer viruses and wrongful communication of any means of access to a computer to an unauthorized person. | ||
| + | |||
| + | Depending on the type of offence committed, the fines range from RM25,000 to RM150,000 and imprisonment of 3 to 10 years or both. | ||
| + | |||
| + | Digital Signatures Act 1997 (“DSA”) | ||
| + | |||
| + | The DSA is an enabling law that allows for the development of, among others, electronic transactions, | ||
| + | |||
| + | The legal recognition of digital signatures allows electronic communications to be transmitted securely, especially on the Internet. It is an identity verification procedure using encryption techniques to prevent forgery and interception of communication. | ||
| + | |||
| + | Electronic Commerce Act 2006 (“ECA”) | ||
| + | |||
| + | The object of the ECA is to provide for legal recognition of electronic messages in commercial transactions, | ||
| + | |||
| + | It confers legal recognition to the formation of a contract via electronic means; recognizes electronic messages and electronic signatures; deems certain electronic document to be considered original as well as provides that the retention of documents in electronic format fulfils the requirements of the law, provided certain qualifying criteria are met. | ||
| + | |||
| + | Personal Data Protection Act 2010 (“PDPA”) | ||
| + | |||
| + | The PDPA regulates the processing of personal data in commercial transactions and for matters connected therewith and incidental thereto. | ||
| + | |||
| + | The PDPA applies to anyone who processes and has control over or authorizes the processing of any personal data in respect of commercial transactions. The PDPA sets out 7 personal data protection principles, of which the most relevant one in the context of cybersecurity would be the Security Principle i.e. appropriate technical and organisational security measures shall be taken to prevent unauthorised or unlawful processing of personal data and accidental loss, misuse, modification or unauthorised disclosure of personal data. | ||
| + | |||
| + | National Cyber Security Policy (“NCSP”) | ||
| + | |||
| + | In addition to legislative measures, the Government has also rolled out the NCSP to strengthen Malaysia’s Critical National Information Infrastructure (“CNII”) and facilitate Malaysia’s drive towards attaining a developed nation status by the year 2020. | ||
| + | |||
| + | The NCSP addresses, among other things, risks to the CNII, which concern the networked information systems of ten sectors, namely, Defence and Security; Transportation; | ||
| + | |||
| + | The NCSP sets out a number of “policy thrusts” to ensure the effectiveness of cybersecurity controls over vital assets. These “policy thrusts” would require the collaboration of different government agencies in ensuring effective governance and proper regulatory framework. The NCSP also requires the CNII sectors to ensure compliance with information security standards and technology-specific guidelines to a level commensurate with the risks. | ||
| + | |||
| + | On top of that, the NCSP also aims to increase the technological capabilities to resolve cyber crimes through improving digital forensic lab facilities. Malaysia has identified the ISO/IEC 27001 as the baseline standard for information security and has proposed for all CNII sectors to be ISO/IEC 27001 Information Security Management Systems (“ISMS”) certified. | ||
| + | |||
| + | Government Agencies/ | ||
| + | |||
| + | Cyber Security Malaysia | ||
| + | |||
| + | Cyber Security Malaysia (formerly known as the National ICT Security and Emergency Response Centre (“NISER”)), | ||
| + | |||
| + | MyCERT and Cyber999 | ||
| + | |||
| + | Malaysia Computer Emergency Response Team (“MyCERT”) addresses the computer security concerns of Malaysia’s Internet users and aims to reduce the probability of cybersecurity attacks. | ||
| + | |||
| + | The agency was formed under Cyber Security Malaysia to provide a point of contact for Internet users who are affected by cybersecurity incidents. MyCERT provides assistance for users who are affected by the intrusion, identity theft, malware infection, cyber harassment and other computer security related incidents. MyCERT collaborates with other law enforcement agencies and regulators such as the Royal Malaysian Police, Securities Commission, Central Bank of Malaysia, along with Internet Service Providers and various computer security response teams around the world. | ||
| + | |||
| + | Operated by MyCERT, Cyber999 is a computer security incident handling and response help centre relating to detection, interpretation and response to computer security incidents. Aside from that, it also alerts Internet users in Malaysia in the event of a cybersecurity threat or malware outbreak. | ||
| + | |||
| + | CyberCSI | ||
| + | |||
| + | As Cyber Security Malaysia’s Outreach & Corporate Commitment Department, CyberCSI provides full-fledged digital forensics investigations and examinations in the areas of audio and video forensics. | ||
| + | |||
| + | The agency regularly works with law enforcement agencies, government-linked companies and private companies. The agency also has a team of analysts who have been gazetted under the Criminal Procedure Code i.e. all reports and testimonials provided by the CyberCSI analysts are admissible in the Malaysian courts. The services provided by CyberCSI include digital forensics, data recovery, data sanitization and provision of expert witnesses. | ||
| + | |||
| + | MyVAC, MySEF and MyCC | ||
| + | |||
| + | Initially created in line with the NCSP, the National Vulnerability Assessment Centre (“MyVAC”) is a unit of the Security Assurance Department under Cyber Security Malaysia that aims to improve the nation’s ability to defend against cyber crimes and the exploitation of information systems and technological vulnerabilities. It aims to improve security in the CNII sectors through actual assessment or evaluation. Specifically, | ||
| + | |||
| + | Likewise, the Malaysian ICT Security Evaluation Facilities (“MySEF”) provides similar assessment and evaluation services, except that it provides its services from the perspective of ICT Security Evaluation of its products and systems. | ||
| + | |||
| + | Another agency that carries out these functions is the Malaysian Common Criteria Evaluation and Certification (“MyCC”). MyCC evaluates and certifies the security functionality within ICT products against the Common Criteria, i.e. ISO/IEC 15408. | ||
| + | |||
| + | CyberSAFE | ||
| + | |||
| + | CyberSAFE stands for “Cyber Security Awareness for Everyone”. | ||
| + | |||
| + | The agency acts as the government’s outreach initiative to educate and improve awareness of the general public on the technological and social issues plaguing Internet users. In line with this, the agency regularly provides updates and guidelines on the safe usage of the Internet for children, parents, industry players and policymakers. | ||
| + | |||
| + | Proposed Regulatory Framework on Cyber Security Resilience | ||
| + | |||
| + | The Securities Commission Malaysia is in the midst of coming up with a regulatory framework relating to the management of cyber security risk by capital market participants. The framework would include recommendations on the steps to be taken and the minimum requirements that should be addressed in cybersecurity frameworks, which includes prevention, detection and recovery measures. | ||
| + | |||
| + | On the defence front, the Deputy Defence Minister has recently announced a three-pronged approach to enhance cyber security in Malaysia. We may expect some legislative reforms to bolster and/or to introduce new legislation that deals with cyber security threats to Malaysia’s critical information infrastructure. | ||
| + | |||
countries/malaysia/cyber_security.1673510247.txt.gz · Last modified: 2023/01/12 12:57 by wikiadmin
                
                