Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.cmc.gov.my © Malaysian Communications and Multimedia Commission 1 Malaysia’s Approach to Network Security Bistamam Siru Abdul Rahman, General Manager,

Published byShana Dean Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.cmc.gov.my © Malaysian Communications and Multimedia Commission 1 Malaysia’s Approach to Network Security Bistamam Siru Abdul Rahman, General Manager,"— Presentation transcript:

1 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 1 Malaysia’s Approach to Network Security Bistamam Siru Abdul Rahman, General Manager, Industry Development Division, Malaysian Communications and Multimedia Commission

2 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 2 Background MCMC is a statutory body established under the Malaysian Communications and Multimedia Commission Act 1998 to regulate and nurture the communications and multimedia industry in Malaysia in accordance with the national policy objectives set out in the Communications and Multimedia Act 1998 (CMA). The MCMC is also charged with overseeing the new regulatory framework for the converging industries of telecommunications, broadcast and online activities. The 10 th National Policy Objective, as stated in the CMA, requires the Commission to ensure information security and the integrity and reliability of the network for the country

3 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 3 Laws and Policies S. 3 (2) (j) CMA “to ensure information security and network reliability and integrity Communications and Multimedia Act 1998 (CMA) Computer Crimes Act 1997 Under the CMA, the Commission is entrusted to ensure information security and the reliability and integrity of the network. Legal issues relating to network security are addressed in the Communications and Multimedia Act and the Computer Crimes Act 1998. For example, fraudulent use of network, improper use of network facilities/services and interception of communications are addressed in the CMA. Under the Computer Crimes Act, acts such as unauthorized access to computer material and with intent to commit or facilitate commission of further offence, unauthorized modification of contents of any computer and wrongful communication is addressed. Digital Signature Act 1998

4 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 4 Present Approach PublicPrivate MCMC CMA The Police CCA CMA Presently, matters relating to information and network security in the public sector is under the administration of the Malaysian Administrative Modernization and Management Planning Unit (MAMPU) Within MAMPU, there is the ICT Security Division. They recently launched the Malaysian Public Sector Management Of Information & Communications Technology Security Handbook (MyMIS) They also operate the G-CERT. However, MAMPU does not have any enforcement powers. The National IT Council gave birth to NISER to address e-security Issues of the nation and as to act as Malaysia’s CERT. NISER or the “National ICT Security and Emergency Response Center” offers research in vulnerability detection, intrusion detection and computer forensic technology. They offer their services to private and public entities. Like MAMPU’s ICT Security Division, they do not Have any enforcement powers.

5 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 5 Cont; MCMC MAMPU NISER MECM DEFENCEBKN POLICE Information and Network Security INDUSTRY

6 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 6 Issues (from present approach) a)Coordination b)Awareness c)Implementation of policies d)Information-sharing

7 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 7 Future Plans COORDINATION CENTRE Financial Sector Information Security and Critical National Infrastructure Communications and Multimedia Energy Military Transportation Health and Emergency services Government services Water and Sewerage Central Government Industry

8 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 8 The Way Forward Setting up of a centralized body that will act as a stop agency for all, private and public bodies. Malaysia’s centre ASEAN Regional Centre for Information and Network Security Malaysia will host a workshop on Information/Network Security and the Protection of Critical National Infrastructure in June. We have invited 6 organizations from Japan, S.Korea, Australia, New Zealand, UK and Canada to KL for them to share their experiences. It is hope Malaysia would be able to learn as much as possible to help us in setting up our local centralized body. Apart from the local participants, Malaysia has also extended invitations to other ASEAN countries to participate in order for ASEAN to also plan a regional centre of some sort for the benefit of ASEAN.

9 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 9 Pointers for Slide # 2 Briefly explains what MCMC is and its relation/relevance to Information and Network Security. MCMC is also the Regulatory Authority for all of the ISPs operating in Malaysia. Apart from regulating and nurturing the communication and Multimedia industry in accordance with the CMA, the MCMC is also the “Controller” for the Certification Authorities under the Digital Signature Act 1998. The CMA is the only piece of regulation or law that identifies information security and the reliability and integrity of the network as a National Policy Objective. However, it does not elaborate on the process. Effectively, it is up to the organizations to fall into place.

10 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 10 Pointers for Slide # 3 In approaching Network Security, the participants may want to know what are the laws and policies in Malaysia that governs network security. In Malaysia’s instance, the main statutes is the CMA and the Computer Crimes Act 1997. Within the two statutes, there are legal issues identified such as fraudulent use of network, improper use of network facilities/services and interception of communications are described in the CMA. In the CCA, acts such as unauthorized access, modification of contents and wrongful communication is addressed

11 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 11 Pointers for Slide # 4 Presently, approaches to network security has a “jurisdiction” flavor to it. Security issues in the public sector is administered by MAMPU (Malaysian Administrative Modernization and Management Planning Unit) Within MAMPU is the ICT Security Division. They also operate a CERT for the Government. They had also recently launched The Malaysian Public sector Management of Information and Communications Technology Security Handbook (myMIS). The handbook is a set of guidelines concerning compliance and adherence to best practices and measures leading to information and network security. A copy is available online at http://www.mampu.gov.my/ICT/MyMIS/MyMIS.htmhttp://www.mampu.gov.my/ICT/MyMIS/MyMIS.htm All of the public sectors are asked to comply and adhere to the handbook while the private sector is encouraged. However, the ICT Security Division do not have any enforcement powers to enforce compliance.

12 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 12 Cont; Whilst security issues within the public sector is “administered” by MAMPU, the National IT Council (NITC) was of the opinion that there was a need for a body that will be able to assist the private sector in dealing with security issues. Thus the NITC gave birth to the National ICT Security and Emergency Response Centre (NISER). NISER is also Malaysia’s CERT or MyCERT. They offer their services in respect of vulnerability detection, intrusion detection and forensic technology. Presently, they offer their services to both public and private sectors. Like MAMPU, NISER do not have any enforcement powers.

13 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 13 Cont; In this instance, only MCMC and the Police have any enforcement powers in matters relating to Information and Network Security. The MCMC is the body entrusted to implement and promote the Government’s national policy objectives under the CMA. It has enforcement powers in relation to offences relating to network security in the CMA. The Police has “sweeping” enforcement powers. They have jurisdiction over the CMA and also the CCA. All complaints relating to network security matters will be passed to either the MCMC or/and the Police.

14 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 14 Pointers for Slide # 5 As it is, organizations in Malaysia lack the coordination process. This is a point of concern as it slows the development with regards to implementation of policies, information-sharing and creating awareness. All of the organizations are “loosely” bound together and this is a disadvantage when the country needs to “react” to certain issues.

15 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 15 Pointers for Slide # 6 Presently, looking at the current situation, there are 4 main concerns that need to be tackled. There is a basic lack of coordination. This is a concern when the country is to react or put into place, proactive measures. The lack of coordination results in poor sharing of information, ineffective implementation of policies and a need for awareness program. However so, the MCMC is initiating continuous awareness program on security to consumers alike. The MCMC is also undertaking a network security audit for all of the ISPs

16 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 16 Pointers for Slide # 7 Future Plans: There is an urgent need for bodies, sectors and stakeholders of the country’s Critical National Infrastructure to identify a centralized body which will coordinate and facilitate the issues concerning Information and Network Security, also the Protection of Critical Infrastructure. The relevant bodies in Malaysia have met last March 8 to discuss the setting up of that “centralized body”. That centralized body will then function as Malaysia’s national body which will bind all of the critical sectors of Information and Network Security into a group to facilitate coordination process, dissemination of information and also as the nation’s centre of excellence in the field of “information and network security”.

17 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 17 Pointers for Slide # 8 To jump start the initiative to set Malaysia’s own local central body for Information and Network Security, and the Protection of Critical Infrastructure, we have initiated a workshop where we have invited 6 organizations representing Japan, S.Korea, UK, Canada, New Zealand and Australia who are responsible for Information and Network Security, and the Protection of Critical Infrastructure in their own countries. The workshop will be from 10-11 June 2002. Malaysia has also invited all ASEAN countries to participate in the workshop. During the workshop, Malaysia hopes to learn as much as possible on the workings of each centre, how they operate, the lessons learnt and their experiences in dealing with matters such as jurisdiction,

18 www.cmc.gov.my © Malaysian Communications and Multimedia Commission 18 Cont; coordination and so forth. We have also invited ASEAN members to participate. This is because During the last ASEAN Telecommunications Minister meeting in KL in July 2001, Malaysia mooted the idea of having a regional coordination centre/body for ASEAN on Information and Network Security. This is to allow member countries of ASEAN to interact, exchange and share information and train its members on matters relating to information and network security. Malaysia was chosen to spearhead this initiative for ASEAN and the workshop that we will be hosting in June 2002 will be the catalyst towards a new approach on network security, for Malaysia and also for ASEAN.

Download ppt "Www.cmc.gov.my © Malaysian Communications and Multimedia Commission 1 Malaysia’s Approach to Network Security Bistamam Siru Abdul Rahman, General Manager,"

Similar presentations

A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Steps towards E-Government in Syria

Steps towards E-Government in Syria
Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.

Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.
1 African ICT Roadmap to Achieve NEPAD Objectives Arusha, Tanzania, 1-3 April 2003 Roles of Government and ATU in the Implementation of NEPAD ICT objectives.

1 African ICT Roadmap to Achieve NEPAD Objectives Arusha, Tanzania, 1-3 April 2003 Roles of Government and ATU in the Implementation of NEPAD ICT objectives.
February 2007Federal Regulatory Improvement Commission.

February 2007Federal Regulatory Improvement Commission.
Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.

Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.
1 Regional policy The Resource BOOK of PPP case studies Second International workshop on PPP Brussels 5th July 2004- Roberto Ridolfi.

1 Regional policy The Resource BOOK of PPP case studies Second International workshop on PPP Brussels 5th July Roberto Ridolfi.
Public Procurement in Albania in the framework of recent reforms PUBLIC PROCUREMENT AGENCY 1.

Public Procurement in Albania in the framework of recent reforms PUBLIC PROCUREMENT AGENCY 1.
EACO, WORKING GROUP 10 E-WASTE WORKSHOP REPORT

EACO, WORKING GROUP 10 E-WASTE WORKSHOP REPORT
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Regulatory Body MODIFIED Day 8 – Lecture 3.

Regulatory Body MODIFIED Day 8 – Lecture 3.
Jasminka Dzumhur, Ombudsperson of BiH “Role of national human rights institutions” Ljubljana, 1. December 2014.

Jasminka Dzumhur, Ombudsperson of BiH “Role of national human rights institutions” Ljubljana, 1. December 2014.
RATIFICATION OF FINAL ACTS AND DECISIONS OF THE 1999 BEIJING CONGRESS – UNIVERSAL POSTAL UNION.

RATIFICATION OF FINAL ACTS AND DECISIONS OF THE 1999 BEIJING CONGRESS – UNIVERSAL POSTAL UNION.
E-Waste Management Policy and Strategy in Uganda

E-Waste Management Policy and Strategy in Uganda
Colombo, Sri Lanka, 7-10 April 2009 The National IPv6 Roadmap and its Regulatory Role Prof Dr Sureswaran Ramadass, National Advanced IPv6 Centre Of Excellence.

Colombo, Sri Lanka, 7-10 April 2009 The National IPv6 Roadmap and its Regulatory Role Prof Dr Sureswaran Ramadass, National Advanced IPv6 Centre Of Excellence.
END OF PROJECT WORKSHOP OCTOBER 2008 TO JUNE 2013 PRESENTATION BY HELLEN LOTARA ACHIRO UNDERSECRETARY, LABOUR MINISTRY OF LABOUR, PUBLIC SERVICE & HUMAN.

END OF PROJECT WORKSHOP OCTOBER 2008 TO JUNE 2013 PRESENTATION BY HELLEN LOTARA ACHIRO UNDERSECRETARY, LABOUR MINISTRY OF LABOUR, PUBLIC SERVICE & HUMAN.
1 May 2006 … Identity management - Internet - Data controller - PKI - Vulnerabilities - Fingerprint - Critical Information Infrastructure - Privacy and.

1 May 2006 … Identity management - Internet - Data controller - PKI - Vulnerabilities - Fingerprint - Critical Information Infrastructure - Privacy and.

Similar presentations

Ads by Google