Www.cmc.gov.my © Malaysian Communications and Multimedia Commission 1 Malaysia’s Approach to Network Security Bistamam Siru Abdul Rahman, General Manager,

Slides:



Advertisements
Similar presentations
A strategy for a Secure Information Society –
Advertisements

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Philippine Cybercrime Efforts
Steps towards E-Government in Syria
Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.
1 African ICT Roadmap to Achieve NEPAD Objectives Arusha, Tanzania, 1-3 April 2003 Roles of Government and ATU in the Implementation of NEPAD ICT objectives.
February 2007Federal Regulatory Improvement Commission.
Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.
1 Regional policy The Resource BOOK of PPP case studies Second International workshop on PPP Brussels 5th July Roberto Ridolfi.
Public Procurement in Albania in the framework of recent reforms PUBLIC PROCUREMENT AGENCY 1.
EACO, WORKING GROUP 10 E-WASTE WORKSHOP REPORT
(Geneva, Switzerland, September 2014)
Regulatory Body MODIFIED Day 8 – Lecture 3.
Jasminka Dzumhur, Ombudsperson of BiH “Role of national human rights institutions” Ljubljana, 1. December 2014.
RATIFICATION OF FINAL ACTS AND DECISIONS OF THE 1999 BEIJING CONGRESS – UNIVERSAL POSTAL UNION.
E-Waste Management Policy and Strategy in Uganda
Colombo, Sri Lanka, 7-10 April 2009 The National IPv6 Roadmap and its Regulatory Role Prof Dr Sureswaran Ramadass, National Advanced IPv6 Centre Of Excellence.
END OF PROJECT WORKSHOP OCTOBER 2008 TO JUNE 2013 PRESENTATION BY HELLEN LOTARA ACHIRO UNDERSECRETARY, LABOUR MINISTRY OF LABOUR, PUBLIC SERVICE & HUMAN.
1 May 2006 … Identity management - Internet - Data controller - PKI - Vulnerabilities - Fingerprint - Critical Information Infrastructure - Privacy and.
Chemical Industries Council of Malaysia Responsible Care  APEC CHEMICAL DIALOGUE 9th Asia Pacific Responsible Care Conference November 16, 2005 * EDSA.
 Road Safety the European Union Policy Carla Hess European Commission, Directorate General for Mobility & Transport Road.
BUSINESS & HUMAN RIGHTS UniCredit on its sustainability path: understanding and managing the financial sector’s responsibilities in terms of human rights”
Consumer And Corporate Regulation Division Presentation to Corporate Rebels: How to ensure sound Credit Law Reform. 15 OCTOBER 2014.
Building Capacities for Management of IPRs in Countries in Transition. WIPO Tools. Tbilisi, November 12, 2012 Mr. Michal Svantner, Director, Division for.
MINERAL RESOURCES DEVELOPMENT POLICY(2013) 14 th February 2014 MINISTRY OF MINES, ENERGY AND WATER DEVELOPMENT 1.
Establishment and Development of the Internal Audit System for the Public Sector in Kyrgyz Republic INTERNAL AUDIT COMMUNITY OF PRACTICE ISTANBUL
1 National Electronic Commerce Strategies The Malaysian Experience Ho Siew Ching Ministry of International Trade and Industry Malaysia Expert Meeting on.
LEFIS W2 Posgraduate Workshop 1 LEFIS, WG 2 Postgraduate studies Meeting, Rotterdam.
STRUCTURE AND FUNCTIONS OF COMPETITION AGENCIES. GENERAL STRUCTURE OF CA CAs differ in size, structure and complexity The structure depicts power distribution.
1 © 2003 Cisco Systems, Inc. All rights reserved. CIAG-HLS Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON 15 OCT.
Malaysia’s strategy to combat SPAM Anti-SPAM Strategies: The Way Forward for the ASEAN Telecommunications Regulators Council (ATRC) Toh Swee Hoe Malaysian.
Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.
Moving Forward With the African Dialogue Cross-Border Principles By Mary Gurure Manager, Legal Services and Compliance COMESA Competition Commission Lilongwe,
Advanced Program in Auditing and Accounting Regulation Module 12 Enhancing Statutory Audit Quality from a Financial Regulator’s Perspective Presenter:
ASIA-PACIFIC TELECOMMUNITY (APT) “Key Activities and Programs” TCT/TTA Joint Seminar “NGN Broadband Development and Implementation” 29 January 2009 By:
Bangkok, Thailand, 25 Aug 2014 Mongolian ICT sector standardization Chuluunbat Tsendsuren Type Approval Officer Communications Regulatory Commission of.
Week 3 E-GOVERNMENT. Security PRIVACY Learning outcome At the end of this slide, student can: 1) Explain the network security 2) Understand the contribution.
Kavala Workshop 1-2 June 2006 Legal protection of Transitional Waters [in the Cadses area]: A comparative analysis Dr. Petros Patronos / Dr. Liliana Maslarova.
2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.
RECOMMENDATIONS FOR THE INSTITUTIONALIZATION OF THE ACTIVITIES OF THE REMJA WORKING GROUP ON MUTUAL LEGAL ASSISTANCE IN CRIMINAL MATTERS AND EXTRADITION.
1 The 2006 Asian Roundtable on Corporate Governance Enforcement Revisited/Boardroom Practices Motoyuki YUFU Principal Administrator Outreach Unit for Financial.
MODEL POLICY FRAMEWORK FOR E-WASTE MANAGEMENT IN THE EAST AFRICAN REGION Nakiguli Helen Cynthia, Uganda Communications Commission,
Organization and Implementation of a National Regulatory Program for the Control of Radiation Sources Regulatory Authority.
International Telecommunication Union Accra, Ghana, June 2009 Towards Cyber Security - Kenyan Experience Christopher Kemei, Asst. Director Licensing.
Technical Meeting on Milestones for nuclear power infrastructure development Radiation Protection Khammar Mrabit Head, Regulatory Infrastructure and Transport.
National Public Health Performance Standards Local Assessment Instrument Essential Service:6 Enforce Laws and Regulations that Protect Health and Ensure.
 The East African Communications Organization (EACO) is an inter- governmental organization established by ICT regulators and operators from the East.
1 |Suruhanjaya Komunikasi & Multimedia Malaysia| BROADCASTING REGULATIONS IN MALAYSIA UNDER THE COMMUNICATIONS AND MULTIMEDIA ACT th ABU Copyright.
Adjusting the Organization of National Statistical Systems to Emerging Issues CENTRAL STATISTICS ORGANIZATION AFGHANISTAN by: Abdul Rahman Ghafoori President.
Future needs for capacity building and recommendations to the OIE Dr Sarah Kahn Consultant to the OIE
 ROAD SAFETY: the European Union Policy European Commission, Directorate General for Mobility & Transport «Road Safety.
Reforms in the Albanian Public Procurement System 7 th Regional Public Procurement Forum Tbilisi, Georgia May 16-19, 2011 PUBLIC PROCUREMENT AGENCY 1.
Information and Network security: Lithuania Tomas Lamanauskas Deputy Director Communications Regulatory Authority (RRT) Republic of Lithuania; ENISA Liaison.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.
1 Planning & Developing Copyright Policies in the Countries: Pending Issues Malaysia WIPO Study Visit to the Copyright Commission of Korea 19 – 23 November.
DDPQ 1612: INFORMATION COMMUNICATION TECHNOLOGY (ICT) LECTURE 1.
THE GLOBAL NUCLEAR SAFETY AND SECURITY NETWORK-GNSSN Lingquan Guo Safety Knowledge Networks Safety And Security Coordination Section Department of Nuclear.
Supervision of Insurance Market Conduct in Canada
Ratification of African Telecommunications Union (ATU) Convention of  
Cybersecurity in the ECOWAS region
PRESENTATION OF MONTENEGRO
8 Building Blocks of National Cyber Strategies
AFRICAN UNION- 23RD-27TH July 2018 PRESENTER: Mr. Nawa J.T Samatebele
IT/ICT? Please define...
H Horse Care H2.7b Improve Practices
The GATS Waiver – some key issues
Malcolm Johnson, Director, Telecommunication Standardization Bureau
The National IPv6 Roadmap and its Regulatory Role
UNODC and CYBERCRIME October 2009.
Presentation transcript:

© Malaysian Communications and Multimedia Commission 1 Malaysia’s Approach to Network Security Bistamam Siru Abdul Rahman, General Manager, Industry Development Division, Malaysian Communications and Multimedia Commission

© Malaysian Communications and Multimedia Commission 2 Background MCMC is a statutory body established under the Malaysian Communications and Multimedia Commission Act 1998 to regulate and nurture the communications and multimedia industry in Malaysia in accordance with the national policy objectives set out in the Communications and Multimedia Act 1998 (CMA). The MCMC is also charged with overseeing the new regulatory framework for the converging industries of telecommunications, broadcast and online activities. The 10 th National Policy Objective, as stated in the CMA, requires the Commission to ensure information security and the integrity and reliability of the network for the country

© Malaysian Communications and Multimedia Commission 3 Laws and Policies S. 3 (2) (j) CMA “to ensure information security and network reliability and integrity Communications and Multimedia Act 1998 (CMA) Computer Crimes Act 1997 Under the CMA, the Commission is entrusted to ensure information security and the reliability and integrity of the network. Legal issues relating to network security are addressed in the Communications and Multimedia Act and the Computer Crimes Act For example, fraudulent use of network, improper use of network facilities/services and interception of communications are addressed in the CMA. Under the Computer Crimes Act, acts such as unauthorized access to computer material and with intent to commit or facilitate commission of further offence, unauthorized modification of contents of any computer and wrongful communication is addressed. Digital Signature Act 1998

© Malaysian Communications and Multimedia Commission 4 Present Approach PublicPrivate MCMC CMA The Police CCA CMA Presently, matters relating to information and network security in the public sector is under the administration of the Malaysian Administrative Modernization and Management Planning Unit (MAMPU) Within MAMPU, there is the ICT Security Division. They recently launched the Malaysian Public Sector Management Of Information & Communications Technology Security Handbook (MyMIS) They also operate the G-CERT. However, MAMPU does not have any enforcement powers. The National IT Council gave birth to NISER to address e-security Issues of the nation and as to act as Malaysia’s CERT. NISER or the “National ICT Security and Emergency Response Center” offers research in vulnerability detection, intrusion detection and computer forensic technology. They offer their services to private and public entities. Like MAMPU’s ICT Security Division, they do not Have any enforcement powers.

© Malaysian Communications and Multimedia Commission 5 Cont; MCMC MAMPU NISER MECM DEFENCEBKN POLICE Information and Network Security INDUSTRY

© Malaysian Communications and Multimedia Commission 6 Issues (from present approach) a)Coordination b)Awareness c)Implementation of policies d)Information-sharing

© Malaysian Communications and Multimedia Commission 7 Future Plans COORDINATION CENTRE Financial Sector Information Security and Critical National Infrastructure Communications and Multimedia Energy Military Transportation Health and Emergency services Government services Water and Sewerage Central Government Industry

© Malaysian Communications and Multimedia Commission 8 The Way Forward Setting up of a centralized body that will act as a stop agency for all, private and public bodies. Malaysia’s centre ASEAN Regional Centre for Information and Network Security Malaysia will host a workshop on Information/Network Security and the Protection of Critical National Infrastructure in June. We have invited 6 organizations from Japan, S.Korea, Australia, New Zealand, UK and Canada to KL for them to share their experiences. It is hope Malaysia would be able to learn as much as possible to help us in setting up our local centralized body. Apart from the local participants, Malaysia has also extended invitations to other ASEAN countries to participate in order for ASEAN to also plan a regional centre of some sort for the benefit of ASEAN.

© Malaysian Communications and Multimedia Commission 9 Pointers for Slide # 2 Briefly explains what MCMC is and its relation/relevance to Information and Network Security. MCMC is also the Regulatory Authority for all of the ISPs operating in Malaysia. Apart from regulating and nurturing the communication and Multimedia industry in accordance with the CMA, the MCMC is also the “Controller” for the Certification Authorities under the Digital Signature Act The CMA is the only piece of regulation or law that identifies information security and the reliability and integrity of the network as a National Policy Objective. However, it does not elaborate on the process. Effectively, it is up to the organizations to fall into place.

© Malaysian Communications and Multimedia Commission 10 Pointers for Slide # 3 In approaching Network Security, the participants may want to know what are the laws and policies in Malaysia that governs network security. In Malaysia’s instance, the main statutes is the CMA and the Computer Crimes Act Within the two statutes, there are legal issues identified such as fraudulent use of network, improper use of network facilities/services and interception of communications are described in the CMA. In the CCA, acts such as unauthorized access, modification of contents and wrongful communication is addressed

© Malaysian Communications and Multimedia Commission 11 Pointers for Slide # 4 Presently, approaches to network security has a “jurisdiction” flavor to it. Security issues in the public sector is administered by MAMPU (Malaysian Administrative Modernization and Management Planning Unit) Within MAMPU is the ICT Security Division. They also operate a CERT for the Government. They had also recently launched The Malaysian Public sector Management of Information and Communications Technology Security Handbook (myMIS). The handbook is a set of guidelines concerning compliance and adherence to best practices and measures leading to information and network security. A copy is available online at All of the public sectors are asked to comply and adhere to the handbook while the private sector is encouraged. However, the ICT Security Division do not have any enforcement powers to enforce compliance.

© Malaysian Communications and Multimedia Commission 12 Cont; Whilst security issues within the public sector is “administered” by MAMPU, the National IT Council (NITC) was of the opinion that there was a need for a body that will be able to assist the private sector in dealing with security issues. Thus the NITC gave birth to the National ICT Security and Emergency Response Centre (NISER). NISER is also Malaysia’s CERT or MyCERT. They offer their services in respect of vulnerability detection, intrusion detection and forensic technology. Presently, they offer their services to both public and private sectors. Like MAMPU, NISER do not have any enforcement powers.

© Malaysian Communications and Multimedia Commission 13 Cont; In this instance, only MCMC and the Police have any enforcement powers in matters relating to Information and Network Security. The MCMC is the body entrusted to implement and promote the Government’s national policy objectives under the CMA. It has enforcement powers in relation to offences relating to network security in the CMA. The Police has “sweeping” enforcement powers. They have jurisdiction over the CMA and also the CCA. All complaints relating to network security matters will be passed to either the MCMC or/and the Police.

© Malaysian Communications and Multimedia Commission 14 Pointers for Slide # 5 As it is, organizations in Malaysia lack the coordination process. This is a point of concern as it slows the development with regards to implementation of policies, information-sharing and creating awareness. All of the organizations are “loosely” bound together and this is a disadvantage when the country needs to “react” to certain issues.

© Malaysian Communications and Multimedia Commission 15 Pointers for Slide # 6 Presently, looking at the current situation, there are 4 main concerns that need to be tackled. There is a basic lack of coordination. This is a concern when the country is to react or put into place, proactive measures. The lack of coordination results in poor sharing of information, ineffective implementation of policies and a need for awareness program. However so, the MCMC is initiating continuous awareness program on security to consumers alike. The MCMC is also undertaking a network security audit for all of the ISPs

© Malaysian Communications and Multimedia Commission 16 Pointers for Slide # 7 Future Plans: There is an urgent need for bodies, sectors and stakeholders of the country’s Critical National Infrastructure to identify a centralized body which will coordinate and facilitate the issues concerning Information and Network Security, also the Protection of Critical Infrastructure. The relevant bodies in Malaysia have met last March 8 to discuss the setting up of that “centralized body”. That centralized body will then function as Malaysia’s national body which will bind all of the critical sectors of Information and Network Security into a group to facilitate coordination process, dissemination of information and also as the nation’s centre of excellence in the field of “information and network security”.

© Malaysian Communications and Multimedia Commission 17 Pointers for Slide # 8 To jump start the initiative to set Malaysia’s own local central body for Information and Network Security, and the Protection of Critical Infrastructure, we have initiated a workshop where we have invited 6 organizations representing Japan, S.Korea, UK, Canada, New Zealand and Australia who are responsible for Information and Network Security, and the Protection of Critical Infrastructure in their own countries. The workshop will be from June Malaysia has also invited all ASEAN countries to participate in the workshop. During the workshop, Malaysia hopes to learn as much as possible on the workings of each centre, how they operate, the lessons learnt and their experiences in dealing with matters such as jurisdiction,

© Malaysian Communications and Multimedia Commission 18 Cont; coordination and so forth. We have also invited ASEAN members to participate. This is because During the last ASEAN Telecommunications Minister meeting in KL in July 2001, Malaysia mooted the idea of having a regional coordination centre/body for ASEAN on Information and Network Security. This is to allow member countries of ASEAN to interact, exchange and share information and train its members on matters relating to information and network security. Malaysia was chosen to spearhead this initiative for ASEAN and the workshop that we will be hosting in June 2002 will be the catalyst towards a new approach on network security, for Malaysia and also for ASEAN.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.