Академический Документы
Профессиональный Документы
Культура Документы
SCOPE
INTRODUCTION
CYBER THREATS IN THE BUSINESS SECTOR
MALAYSIA S INITIATIVES
SECURITY THREATS
IN ADDRESSING CYBER
INTRODUCTION
With the increase in sophistication and proliferation of the threat
landscape, security challenges in the cyberspace have become more
complex while security threats grow at an alarming rate.
The constantly evolving nature of cyber threats and vulnerabilities are
posing a persistent challenge to the business sector with the threat of
attack on the critical national information infrastructure.
The dynamic nature of the cyber risk environment requires
continuous proactive and innovative cyber-protection capability.
VISION 2020
Preservation and
Enhancement of
Unity in Diversity
Effective Delivery of
Government services
1Malaysia
Government
Transformation
Programme (GTP)
People First,
Performance Now
Towards
Digital
Economy
Cyber
Security &
Economic
Innovation
are
mutually
reinforcing
New Economic
Model: A high
Income, inclusive and
sustainable nation
Economic
Transformation
Programme (ETP)
Anchoring Growth
on People
11 th Malaysia Plan
The
p eople
economy
will
b e
given
priority
Cyber
crime
costs
the
global
economy
about
$445
billion
every
year,
with
the
damage
to
business
from
the
theft
of
intellectual
property
exceeding
the
$160
billion loss
to
individuals
from
hacking
- The
Center
for
Strategic
and
International
Studies,
U.S.A
2014
Note:
A
negative
percentage
indicates
that
the
security
risk
rating
is
expected
to
increase.
A
positive
percentage
indicates
that
risk
is
forecasted
to
decline.
Source:
2015
Global
Megatrends
in
Cybersecurity,
Ponemon
Institute,
February
2015
Copyright 2015 CyberSecurity Malaysia
10
11
12
13
14
July
9 ,
2 015
Copyright 2015 CyberSecurity Malaysia
15
16
Southeast Asias financial sector faces a dual threat. First, standard cybercriminals are looking to
steal money from them. Second, advanced threat actors are seeking sensitive financial information
for a business advantage.
Source:
Special
Report
- Southeast
Asia:
An
Evolving
Cyber
Threat
Landscape
FireEye
Threat
Intelligence,
March
2015
Copyright 2015 CyberSecurity Malaysia
17
18
19
20
21
A
HOLISTIC
APPROACH
People,
Process,
Technology
&
Policy
22
National Cyber
Security Policy
formulated by
MOSTI
2006
2005
2007
MALAYSIAS
INITIATIVES
- National
Cyber
Security
Policy
CyberSecurity
Malaysia
launched
by
Prime
Minister
of
Malaysia
on
20
August
2007
NCSP
Adoption
and
Implementation
NCSP Objectives
National
IT
Council
(NITC)
Meeting
o n
7
Apr
2006
agreed
to
implement
NCSP
and
establishment
o f
the
Malaysia
Cyber
Security
Centre
to
administer
NCSP.
NCSP
was
endorsed
b y
the
Cabinet
in
May
2006.
CyberSecurity
Malaysia
launched
b y
Prime
Minister
o f
Malaysia
o n
20
Aug
2007
The policy recognises the critical and highly interdependent nature of the
CNII and aims to develop and establish a comprehensive programme and a
series of frameworks that will ensure the effectiveness of cyber security
controls over vital assets
Copyright 2015 CyberSecurity Malaysia
Provide
specialised
services
in
cyber
security
and
continuously
identify
areas
that
may
be
detrimental
to
public
and
national
security
Order No.24 - Policy and Mechanism for National Cyber Crisis Management by the National Security
Council, Malaysia:
24
Thrust 1:
Effective
Governance
Thrust 2:
Legislative &
Regulatory
Framework
Thrust 3:
Cyber Security
Technology
Framework
Energy
Government
Service
Emergency
Services
Thrust 6:
Compliance &
Enforcement
Health
Services
Water
Thrust 7:
Defense &
Security
Food &
Agriculture
Transportation
Cyber Security
Emergency
Readiness
Information &
Communication
Thrust 4:
Culture of Security
& Capacity Building
Thrust 5:
Thrust 8:
International
Cooperation
25
26
26
CYBERSECURITY
MALAYSIA
- Coordinated
Malware
Eradication
&
Remediation
Project
(CMERP)
Framework
1)
Forensic
Analysis
2)
Threat
Coverage
3)
Preventive
Measure
4)
Target
Audience
5)
Forensic
Response
6)
Total
Eradication
27
Preventive
Risk Assessment
Implementation of
Information Security
Controls
Adherence to Policies and
Procedures
Detective
Vulnerability Assessment &
Penetration Testing
ICT Product & System
Evaluation
Business Continuity
Management
Corrective
Management Review
Regular Monitoring
28
Comprehensive Scope
Internal and external issues that are
relevant to organisational purpose;
MS
ISO/IEC
27001:2007
29
MISSION
to
increase Malaysias
competitiveness
in
quality
assurance
of
information
security based
on
the
Common
Criteria
(CC)
standard
and
to
build
consumers confidence
towards
Malaysian
information
security
products
30
31
Provides
competency
and
p rofessional
Training
p rogrammes
Collaboration
between
CyberSecurity
Malaysia
and
Institute
of
H igher
Learning
(IHL)
in
various
comprehensive
cyber
security
modules
32
Content
Channels
Target
Audience
Children / students
Web
Poster
Other
industry
partners
Organisations
Competition
TV ad
33
www.cybersafe.my
Copyright 2015 CyberSecurity Malaysia
33
34
35
36