Having trouble viewing this email? View it in your browser.

csm-ace 2012

CyberSecurity Malaysia –“CyberNEWS”

Bahasa | English

Issue 4 | Quarter 4 - 2013

9th General Conference Of The Council For Security Cooperation In The Asia Pacific (CSCAP)

The 9th General Conference Of The Council For Security Cooperation in The Asia Pacific gathered participants from various countries in the Asia Pacific region to share their respective knowledge, information and experience. During the conference, political, security and challenges in cyber security faced by the countries were discussed.

21 participants consists of members of the association from Asia Pacific countries attended the conference.  

Dr. Amirudin Abdul Wahab, Chief Executive Officer of CyberSecurity Malaysia and Lt. Col. Sazali Sukardi (Retired), Vice President Research, CyberSecurity Malaysia represented CyberSecurity Malaysia at the forum. Amongst other participants including representatives from Thailand, Australia, New Zealand and others.

The event was officiated by MA Zhenggang, President of CSCAP China and Leela K Ponappa, Vice President CSCAP China.

During the conference, Dr. Amirudin was invited as the spokesperson for CSCAP Malaysia and presented a working paper on “Building a Secure and Open Cyberspace through Cooperation”. During the presentation, he explained the importance of cyber security where the demand by organisations that places importance on cyber security is on the rise.

Apart from Malaysia, representatives from Australia, Thailand, India, Japan and other members of the association also shared their opinions and experiences in various topics during discussions throughout the forum.

CyberSecurity Malaysia’s involvement in the 9th General Conference of the Council for Security Cooperation in the Asia Pacific provided an opportunity to introduce the organisation and develop close relationship with other countries that are viewed as experts in the area of cyber security.
ICT Product Security Assessment (IPSA) Workshop

On the 4 to 5 December 2013, CyberSecurity Malaysia has organised ICT Product Security Assesment (IPSA) Workshop at the Le Meridien Hotel, Kuala Lumpur. The workshop aimed to attract 30 participants representing industries who are interested to assess the security levels of their products as well as to learn more about the art of writing Common Criteria technical documents i.e Security Target LITE.

Among the objectives of the workshop is to provide training in the following areas :

  1. Technical documentation for the purpose of IPSA.
  2. Preparation of Security Target LITE and other evidences.

CyberSecurity Malaysia officers Wan Shafiuddin Zainudin, Dahari Jarno, Norahana Salimin, Zarina Musa and Siti Fatimah were the facilitators and presenters during the workshop.

About 32 participants from 14 organisations participated in IPSA Wokshop and 27 participants from 11 organisations participated in both workshops.

The following is the list of organisations involved: 
  1. eBdesk Malaysia Sdn Bhd
  2. Datasonis Technologies Sdn Bhd
  3. Cyberintelligence Sdn Bhd
  4. EPIC Malaysia Sdn Bhd
  5. IRIS Corporation Berhad
  6. TOMMS Systems Sdn Bhd
  7. Tecforte
  8. TriAset Sdn Bhd
  9. Megaplus Technologies Sdn Bhd
  10. LocalHost
  11. Infotect Security Pte Ltd

IPSA is one of the evaluation aspects of Common Criteria standard (CC) where it focuses on Security Functional Testing and Vulnerability Assessment of the ICT product intended for security level evaluation.

Due to the high number of positive feedbacks received from various parties who are interested to carry out IPSA evaluation, CyberSecurity Malaysia has taken the initiative to organise IPSA workshop specifically for the development of Malaysian ICT products.  

Overall, participants were exposed to the theoretical and practical knowledge on the concept of IT security IPSA evaluation in general.
Intensive Course by Indonesian Security Incident Response Team on Internet and Infrastructure/Coordination Center (Id-SIRTII/CC)

CyberSecurity Malaysia received 6 representatives from Indonesian Security Incident Response Team on Internet and Infrastructure/Coordination Center (Id-SIRTII/CC) to undergo an intensive training program from 9 to 29 December 2013. Participants consist of Id-SIRTII/CC incident handling analysts lead by Mohammad Ali Syarief.

The purpose of this course is to provide information, explanation and training on cyber security incident handling to members of Id-SIRTII/CC.

Through this intensive program, participants were exposed to the roles of CyberSecurity Malaysia in implementing cyber security policy at national level. It provided Id-SIRTII/CC with an accurate view on policy implementation, management, blue print and policy implementation that will be drafted soon. CyberSecurity Malaysia also was recognized as cyber security incident handling training provider.
Memorandum of Understanding Signing Ceremony between University Putra Malaysia (UPM) and CyberSecurity Malaysia

UPM and CyberSecurity Malaysia agreed that there are a lot of opportunities to establish academic cooperation between both parties and to increase cooperation as well as interaction in the area of cyber security especially in cryptography.
Hence, both organisations have taken the initiative to establish cooperation with the signing of Memorandum of Understanding (MoU) to implement cooperation programs as below:

  1. Cooperation in the areas of research, education and training activities that focuses on mutual benefits;
  2. Organise activities such as courses, conferences, seminars, symposiums or lectures or other activities in the areas of cryptology;
  3. Exchange of publications and other materials for mutual benefits;
  4. Cooperate to search for external support resources to sponsor planned cooperation efforts;
  5. Create a knowledge sharing platform between government agencies, communicate and exchange information on cryptology;
  6. Cooperate in other areas with mutual consent from all parties
The Memorandum of Understanding was signed at UPM by Prof. Dr.-Ing. Ir. Renuganth Varatharajoo, Assistant Vice Chancellor, Industry and Community Network, UPM and Dr. Amirudin Abdul Wahab, Chief Executive Officer represented CyberSecurity Malaysia.
2nd National Conference On Information Assurance 2013

This conference was a platform to explore current trends, technologies, developments, challenges and industry best practices in the area of cyber security and information assurance.

Apart from this, the conference is also a platform for the experts and researchers from academic, industry and government to share their knowledge and experience in the areas of cyber security.

This conference benefitted the communities and organisations of the researchers from academic and industry to:

  1. Provide exposure and education to the participants on current trends and technology in information assurance;
  2. Gather academicians, industry researchers and professionals under a single platform to enable cooperation and connection with the industry;
  3. Prepare a discussion forum on the need and growth of information security in Pakistan and its future prospects;
  4. Highlight the need and importance of information assurance in public and private sectors;
  5. Provide exposure on information security tools and software.

During the conference Dr. Solahuddin bin Shamsuddin, Chief Technology Officer of CyberSecurity Malaysia made a presentation on “MyCERT as National Computer Emergency Response Team (CERT)”.

Training for Sarawak Energy Sdn Bhd

The training program for Sarawak Energy Sdn Bhd aimed to share the knowledge in the areas of digital forensic specifically in terms of terminologies and specific knowledge for the participants.

This training has enabled participants to understand digital forensic in terms of :

  1. Digital forensic and analysis investigation methods;
  2. Current digital technologies;
  3. How to obtain digital evidences from crime scenes;
  4. Type of data that can be extracted from digital media.
Guidelines and Best Practices Development for Information Security

Security Management and Best Practices Department in CyberSecurity Malaysia is responsible to develop and prepare documentation on information security. In 2013, a total of 3 documents where developed consists of 2 guidelines and 1 best practices.

The development of these guidelines and best practices are to be used by the private and public organisations as well as the general public as a guide in handling information security related issues.

Below are the guidelines and best practices which have been developed by CyberSecurity Malaysia:

  1. Best Practices for Safer Wireless Surfing – published on 30 December 2013. It is now available and can be downloaded from CyberSecurity Malaysia website – www.cybersecurity.my
  2. Guideline on Cyber Bullying – is under development process.

Development of these guidelines and best practices has given the opportunity for CyberSecurity Malaysia to share knowledge and experience in information security with the public and private organisations as well as the community at large.

This initiative should be continued so that private organisaztions, public sectors and community will continue to receive information and best methods in handling information security issues.

Cyber Security Awareness Program – CyberSAFE in October 2013

Various activities under cyber security awareness program or CyberSAFE were carried out in the month of December 2013 to improve information security awareness levels among public and private organisations as well as the communities with special focus on school children and teenagers. These activities highlighted cyber security issues and best methods to handle and prevent from becoming victims of cyber threats.

Among the information security awareness programs that were carried out in the fourth quarter of 2013 include:

Date Program Venue
3 December 2013 Seminar Kesedaran ICT
ICT Awareness Seminar
UiTM Cawangan Johor
UiTM, Johor Branch
5 December 2013 Group Kem Cuti Sekolah
Group  School Holidays Camp
Excel Training Resort, Ulu Beranang
5 December 2013 Ethical & Professional Talk in IT UiTM Kedah
10 December 2013 Security Awareness Air Product Shared Services, KL
12 December 2013 Awareness on cybersafety Level 41, Tower 1, Petronas Twin Tower, KLCC
18 December 2013 Seminar Kesedaran ICT Dewan Harmoni, Bahagian Hal Ehwal Undang-Undang, Putrajaya
19 December 2013 Social Media Dewan Serbaguna MOA, Putrajaya

The cyber security awareness programs are able to promote initiatives and services offered by CyberSecurity Malaysia such as Cyber999 and CyberSAFE portal. The program is also able to create awareness on the threats face by the Internet and computer users and the changes in our daily life in line with the advancement of communication technology.