INGENIEUR
National Cyber Security Policy
Source: www. nitc.mosti.gov.my, www.cybersecurity.my
This National Cyber Security Policy (NSCP)
has been designed to facilitate Malaysia’s
move towards a knowledge-based economy
(K-economy). The Policy was formulated based
on a National Cyber Security Framework that
comprises legislation and regulatory, technology,
public-private co-operation, institutional, and
international aspects.
The National Cyber Security Policy was
approved by the Government of Malaysia for
implementation in 2006. The objective of NCSP
is to accumulate national effort in securing the
Critical National Information Infrastructure (CNII)
of the country.
The
Critical
National
Information
Infrastructure
comprises
the
networked
information systems of ten critical sectors,
namely:
1. National Defence and Security
2. Banking and Finance
3. Information and Communications
4. Energy
5. Transportation
6. Water
7. Health Services
8. Government
9. Emergency services
10. Food and Agriculture
The Policy recognizes the critical and
highly interdependent nature of the CNII and
aims to develop and establish a comprehensive
programme and a series of frameworks that
will ensure the effectiveness of cyber security
controls over vital assets. It has been developed
to ensure that the CNII are protected to a level
that commensurate the risks faced.
The Eight Policy Thrusts
THRUST 1: Effective Governance
Centralise co-ordination of national cyber
security initiatives
●●
6
14
VOL 58 APRIL 2013 2014
VOL 55 JUNE – JUNE
Promote effective co-operation between
public and private sectors
Establish formal and encourage informal
●●
information sharing exchanges.
Thrust Driver: National Security Council
THRUST 2: Legislative & Regulatory Framework
Review and enhance Malaysia’s cyber laws
●●
to address the dynamic nature of cyber
security threats
Establish progressive capacity building
●●
programmes for national law enforcement
agencies
Ensure that all applicable local legislation
●●
is complementary to and in harmony with
international laws, treaties and conventions.
Thrust Driver: Attorney General’s Chambers
THRUST 3: Cyber Security Technology
Framework
Develop a national cyber security technology
●●
framework that specifies cyber security
requirement controls and baselines for CNII
elements
Implement
an
evaluation/certification
●●
programme for cyber security product and
systems
Thrust Driver: CyberSecurity Malaysia
THRUST 4: Culture of security and Capacity
Building
Develop, foster and maintain a national
●●
culture of security
Standardise and co-ordinate cyber security
●●
awareness and education programmes
across all elements of the CNII
Establish an effective mechanism for cyber
●●
security knowledge dissemination at the
national level
Identify
minimum
requirements
and
●●
qualifications for information security
professionals
●●