Promoting a Culture of Cyber Security – Malaysia

advertisement
An Agency Under
MOSTI
Promoting a Culture of
Cyber Security – Malaysia
Case Study
Philip Victor
vphilip[at]cybersecurity.my
Head, Training & Outreach
CyberSecurity Malaysia
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 1
Who Are We?
• Started in 1997 as Malaysian Computer Emergency
Response Team (MyCERT)
• In 2001 assumed a larger role in protecting Malaysia’s
Cyber Space, known as National ICT Security & Emergency
Response Centre (NISER)
• In 2005, Established as a Company Limited by Guarantee
under the purview of the Ministry of Science, Technology &
Innovation
• In 2006, assumed role as the national cyber security agency
• In 2007, given additional mandate and renamed as
CyberSecurity Malaysia
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 2
Everyone Matters
Public
Sector
Outreach
Communities
Private
Sector
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 3
Outreach
Reaching out to all Internet users
To be aware of current online
threats & dangers
Promote safe & responsible
online behaviour
Promote best practices &
positive use of the Internet
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 4
Co-operation &
Collaboration
Reaching out to all Internet users
Ministry of Education & other relevant
ministries for schools
ISPs for home users
Public-Private co-operation for
organisations (roadshow, portal, etc)
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 5
An Agency Under
MOSTI
CyberSecurity Malaysia’s
Initiatives
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 6
The National Cyber
Security Policy
NATIONAL CYBER
SECURITY POLICY
Designed to facilitate
Malaysia’s move towards a
knowledge-based economy
(K-Economy)
Formulated based on framework
comprising:
1) Legislation and Regulatory
2) Technology
3) Public-Private Cooperation
4) Institutional
5) International
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 7
Focus Area – 10 Critical National
Information Infrastructure
National Defense
and Security
Emergency Services
Government
Banking
and
Finance
Food and Agriculture
Information
and
Communication
CyberSecurity
Malaysia
Energy
Transportation
Health Services
Water
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 8
The 8 Policy Thrust
INTERNATIONAL COOPERATION
COMPLIANCE &
ENFORCEMENT
EFFECTIVE GOVERNANCE
NATIONAL
CYBER
SECURITY
POLICY
CYBER SECURITY
EMERGENCY READINESS
RESEARCH & DEVELOPMENT
TOWARDS SELF-RELIANCE
LEGISLATIVE & REGULATORY
FRAMEWORK
CYBER SECURITY
TECHNOLOGY FRAMEWORK
CULTURE OF SECURITY
& CAPACITY BUILDING
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 9
An Agency Under
MOSTI
Information Security
Competency Development
To create knowledge workers through skill
development programs and professional
certification in Information Security
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 10
Information Security
Professional Certification
Information Security Professionals
in Malaysia
01
2
2
6
4
5
0
2005
2006
7
1
5
1
0
1
0
4
50
2
0
8
100
1
150
1
42
200
50
1
71
03
250
(ISC)2
SANS
DRI/BCI
ISACA
2007
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 11
Professional Development
Skill Developement for IT
Professionals
8
14
150
97
100
70
Trained
Professionals
50
0
2005
2006
2007
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 12
Other Initiatives
• Cyberlaw
ƒ Computer Crime Act 1997
ƒ Digital Signature Act 1997
ƒ Copyright Act 1997
ƒ Communications & Multimedia Act 1998
ƒ Telemedicine Act
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 13
Standards
• Promotion of information security related standards
to public & private sectors for greater adoption:
ƒ ISO27001/ISO17799
ƒ BCM Standard
ƒ Common Criteria
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 14
An Agency Under
MOSTI
CyberSecurity Malaysia
Outreach Programs
To build a culture of security through awareness
programs to target groups (kids/teenagers,
parents/professionals & organisations)
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 15
Outreach Program
CYBER SECURITY AND INTERNET SAFETY AWARENESS CAMPAIGN
Content
Partners
Content Localization & Packaging
Content
Channels
Target
Audience
MOSTI
Children / students
MOHE
Video clips
MOE
Publication
Web
International
CERT
Communities
Other
industry
partners
Parents/
home users
KPWKM
Safety
Guide
Poster
Exhibition &
Road Show
MOI
Organizations
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 16
Critical Information Infrastructure Protection Awareness Workshop
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 17
INFOSEC.my Information Security Annual Conference
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 18
INFOSEC.my Knowledge Sharing Session
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 19
INFOSEC.my Knowledge Sharing Session
Reaching out to the schools & communities
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 20
Awareness Portal – www.esecurity.org.my
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 21
Awareness Posters
(schools, public & organisations)
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 22
Information Security
Newsletter (quarterly publication)
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 23
Awareness Messages
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 24
Information Security
Brochures
Parent’s Guide to Internet Safety
Teenager Guide to Internet Safety
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 25
Awareness Videos
Safe Chatting
Email & Spam
Safe Internet Banking
Cyber Stalking
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 26
Exhibition & Road Show
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 27
Lessons Learnt & Conclusion
• Information security strategies must cover all user groups
• Public-private co-operation is crucial in building a security
culture
• Security is everyone’s responsibility and starts at the top
management
• Adoption of international standards and best practices is
crucial in creating the competitive advantage (e.g. ISO
17799)
• Awareness & education must be deployed throughout the
organisations and include all vendors & and alliances
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 28
An Agency Under
Thank You
MOSTI
Level 7, Sapura@MINES
No. 7, Jalan Tasik, The Mines Resort City
43300 Seri Kembangan, Selangor Darul Ehsan, Malaysia
Tel: +60 3 8992 6888 Fax: +60 3 8945 3205
MyCERT: Tel: +60 3 8992 6969 / Fax: +60 3 8945 3442
training[at]cybersecurity.org.my
Website: http://www.cybersecurity.org.my
For General Inquiries: info@cybersecurity.org.my
E-security: http://www.esecurity.org.my
MyCERT: http://www.mycert.org.my
Securing Our Cyberspace
Copyright © 2008 CyberSecurity Malaysia
Slide no: 29
Download