Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Securing Our CyberspaceCopyright © 2008 CyberSecurity Malaysia Slide no: 1
An Agency Under
MOSTI
Promoting a Culture of Promoting a Culture of Cyber Security Cyber Security –– Malaysia Malaysia
Case StudyCase Study
Philip VictorPhilip Victorvphilip[at]cybersecurity.my
Head, Training & OutreachCyberSecurity Malaysia
Copyright © 2008 CyberSecurity Malaysia Slide no: 2
Securing Our Cyberspace
Who Are We?Who Are We?
• Started in 1997 as Malaysian Computer Emergency Response Team (MyCERT)
• In 2001 assumed a larger role in protecting Malaysia’s Cyber Space, known as National ICT Security & Emergency Response Centre (NISER)
• In 2005, Established as a Company Limited by Guarantee under the purview of the Ministry of Science, Technology & Innovation
• In 2006, assumed role as the national cyber security agency
• In 2007, given additional mandate and renamed as CyberSecurity Malaysia
Copyright © 2008 CyberSecurity Malaysia Slide no: 3
Securing Our Cyberspace
Everyone MattersEveryone Matters
Outreach
PublicSector
PrivateSector
Communities
Copyright © 2008 CyberSecurity Malaysia Slide no: 4
Securing Our Cyberspace
OutreachOutreach
Promote safe & responsible online behaviour
Promote best practices & positive use of the Internet
To be aware of current online threats & dangers
Reaching out to all Internet users
Copyright © 2008 CyberSecurity Malaysia Slide no: 5
Securing Our Cyberspace
CoCo--operation & operation & CollaborationCollaboration
ISPs for home users
Public-Private co-operation for organisations (roadshow, portal, etc)
Ministry of Education & other relevant ministries for schools
Reaching out to all Internet users
Securing Our CyberspaceCopyright © 2008 CyberSecurity Malaysia Slide no: 6
An Agency Under
MOSTI
CyberSecurity MalaysiaCyberSecurity Malaysia’’ssInitiativesInitiatives
Copyright © 2008 CyberSecurity Malaysia Slide no: 7
Securing Our Cyberspace
The National Cyber The National Cyber Security PolicySecurity Policy
Designed to facilitate Malaysia’s move towards a knowledge-based economy
(K-Economy)
Formulated based on framework comprising:
1) Legislation and Regulatory2) Technology3) Public-Private Cooperation4) Institutional5) International
NATIONAL CYBER NATIONAL CYBER SECURITY POLICYSECURITY POLICY
Copyright © 2008 CyberSecurity Malaysia Slide no: 8
Securing Our Cyberspace
Focus Area Focus Area –– 10 Critical National 10 Critical National Information InfrastructureInformation Infrastructure
CyberSecurity CyberSecurity MalaysiaMalaysia
Banking and
FinanceNational Defense and Security
Emergency Services
Government
Health ServicesWater
Transportation
Energy
Information and
Communication
Food and Agriculture
Copyright © 2008 CyberSecurity Malaysia Slide no: 9
Securing Our Cyberspace
The 8 Policy ThrustThe 8 Policy Thrust
INTERNATIONAL COOPERATION
COMPLIANCE &ENFORCEMENT
CYBER SECURITY EMERGENCY READINESS
RESEARCH & DEVELOPMENT TOWARDS SELF-RELIANCE
CULTURE OF SECURITY & CAPACITY BUILDING
CYBER SECURITY TECHNOLOGY FRAMEWORK
LEGISLATIVE & REGULATORY FRAMEWORK
EFFECTIVE GOVERNANCE
NATIONAL NATIONAL CYBER CYBER
SECURITY SECURITY POLICYPOLICY
Securing Our CyberspaceCopyright © 2008 CyberSecurity Malaysia Slide no: 10
An Agency Under
MOSTI
Information Security Information Security Competency DevelopmentCompetency Development
To create knowledge workers through skill development programs and professional
certification in Information Security
Copyright © 2008 CyberSecurity Malaysia Slide no: 11
Securing Our Cyberspace
Information Security Information Security Professional CertificationProfessional Certification
8040
10142
15054
15171 203
6217
2010
50100150200250
2005 2006 2007
Information Security Professionals in Malaysia
(ISC)2SANSDRI/BCIISACA
Copyright © 2008 CyberSecurity Malaysia Slide no: 12
Securing Our Cyberspace
Professional DevelopmentProfessional Development
70
97
148
0
50
100
150
2005 2006 2007
Skill Developement for IT Professionals
TrainedProfessionals
Copyright © 2008 CyberSecurity Malaysia Slide no: 13
Securing Our Cyberspace
Other InitiativesOther Initiatives
• CyberlawComputer Crime Act 1997
Digital Signature Act 1997
Copyright Act 1997
Communications & Multimedia Act 1998
Telemedicine Act
Copyright © 2008 CyberSecurity Malaysia Slide no: 14
Securing Our Cyberspace
StandardsStandards
• Promotion of information security related standards to public & private sectors for greater adoption:
ISO27001/ISO17799
BCM Standard
Common Criteria
Securing Our CyberspaceCopyright © 2008 CyberSecurity Malaysia Slide no: 15
An Agency Under
MOSTI
CyberSecurity MalaysiaCyberSecurity MalaysiaOutreach ProgramsOutreach Programs
To build a culture of security through awareness programs to target groups (kids/teenagers,
parents/professionals & organisations)
Copyright © 2008 CyberSecurity Malaysia Slide no: 16
Securing Our Cyberspace
CYBER SECURITY AND INTERNET SAFETY AWARENESS CAMPAIGN
Web
Poster
Publication
Exhibition & Road Show
Video clips
Safety GuideOther
industry partners
Content Partners
International CERT
Communities
MOSTI
MOHE
MOE
MOI
KPWKM
Content Channels
Children / students
Parents/home users
Organizations
Target Audience
Content Localization & Packaging
Outreach ProgramOutreach Program
Copyright © 2008 CyberSecurity Malaysia Slide no: 17
Securing Our Cyberspace
Critical Information Infrastructure Protection Awareness Workshop
Copyright © 2008 CyberSecurity Malaysia Slide no: 18
Securing Our Cyberspace
INFOSEC.my Information Security Annual ConferenceINFOSEC.my Information Security Annual Conference
Copyright © 2008 CyberSecurity Malaysia Slide no: 19
Securing Our Cyberspace
INFOSEC.my Knowledge Sharing SessionINFOSEC.my Knowledge Sharing Session
Copyright © 2008 CyberSecurity Malaysia Slide no: 20
Securing Our Cyberspace
INFOSEC.my Knowledge Sharing SessionINFOSEC.my Knowledge Sharing Session
Reaching out to the schools & communities
Copyright © 2008 CyberSecurity Malaysia Slide no: 21
Securing Our Cyberspace
Awareness Portal Awareness Portal –– www.esecurity.org.mywww.esecurity.org.my
Copyright © 2008 CyberSecurity Malaysia Slide no: 22
Securing Our Cyberspace
(schools, public & organisations)(schools, public & organisations)
Awareness PostersAwareness Posters
Copyright © 2008 CyberSecurity Malaysia Slide no: 23
Securing Our Cyberspace
Information Security Information Security Newsletter Newsletter (quarterly publication)(quarterly publication)
Copyright © 2008 CyberSecurity Malaysia Slide no: 24
Securing Our Cyberspace
Awareness MessagesAwareness Messages
Copyright © 2008 CyberSecurity Malaysia Slide no: 25
Securing Our Cyberspace
Information Security Information Security BrochuresBrochures
Parent’s Guide to Internet Safety Teenager Guide to Internet Safety
Copyright © 2008 CyberSecurity Malaysia Slide no: 26
Securing Our Cyberspace
Awareness VideosAwareness Videos
Email & SpamEmail & Spam Safe ChattingSafe Chatting
Cyber StalkingCyber StalkingCyber Stalking
Safe Internet BankingSafe Internet BankingSafe Internet Banking
Copyright © 2008 CyberSecurity Malaysia Slide no: 27
Securing Our Cyberspace
Exhibition & Road ShowExhibition & Road Show
Copyright © 2008 CyberSecurity Malaysia Slide no: 28
Securing Our Cyberspace
Lessons Learnt & ConclusionLessons Learnt & Conclusion
• Information security strategies must cover all user groups
• Public-private co-operation is crucial in building a security culture
• Security is everyone’s responsibility and starts at the top management
• Adoption of international standards and best practices is crucial in creating the competitive advantage (e.g. ISO 17799)
• Awareness & education must be deployed throughout the organisations and include all vendors & and alliances
Securing Our CyberspaceCopyright © 2008 CyberSecurity Malaysia Slide no: 29
An Agency Under
MOSTI
Level 7, Level 7, Sapura@MINESSapura@MINESNo. 7, Jalan Tasik, The Mines Resort CityNo. 7, Jalan Tasik, The Mines Resort City
43300 Seri Kembangan, Selangor Darul Ehsan, Malaysia43300 Seri Kembangan, Selangor Darul Ehsan, MalaysiaTel: +60 3 8992 6888 Fax: +60 3 8945 3205Tel: +60 3 8992 6888 Fax: +60 3 8945 3205
MyCERT: Tel: +60 3 8992 6969 / Fax: +60 3 8945 3442MyCERT: Tel: +60 3 8992 6969 / Fax: +60 3 8945 3442training[at]cybersecurity.org.mytraining[at]cybersecurity.org.my
Thank YouThank You
Website: http://www.cybersecurity.org.myFor General Inquiries: [email protected]: http://www.esecurity.org.myMyCERT: http://www.mycert.org.my