ISMS Cert must for these 57 Sabah groups
12 May 2010 (Daily Express)

Kota Kinabalu: A total of 455 organisations identified as Critical National Information Infrastructure (CNII) in the country are required to attain the Information Security Management System (ISMS) certification within three years.

These CNII, including 57 in Sabah, comprise organisations in 10 important sectors in the country like banking and finance, transportation and government departments, among others.

Speaking to reporters after opening the Sabah and Labuan level Security Management Dialogue and ISMS Awareness Workshop here, Tuesday, State Secretary Datuk Sukarti Wakiman said the ISMS certification was important to ensure CNII establishments have a solid system to protect the confidentiality, integrity and availability of information.

The ISMS certification, which is internationally recognised, is almost the equivalent of the quality management standard of ISO except that this is for the quality of information management.

With an asset value of RM200 billion - of which 15 per cent comes from Malaysian Borneo - concerning the critical infrastructures nationwide presently, he said the country is set to lose at least five-fold from that figure in the event of malfunctions or sabotage.

Organised by the Chief Government Security Office (CGSO) under the Prime Minister's Department and CyberSecurity Malaysia, the event was aimed at raising awareness about the ISMS certification for CNII organisations.

CGSO Director-General, Datuk Johari Hj Jamaluddin said the 455 identified CNIIs are pooled under two categories, depending on the urgency of the information they possessed.

"However, this number of CNIIs will keep adding because there are a few installations underway and some in the planning stages," he said.

CyberSecurity CEO, Zahri Yunos said although the 455 organisations must obtain the ISMS certification in three years from last February, as decided by the Government, other establishments could also adopt the ISMS or get its certification.

"The target is to upgrade (the system) because at the end of the day it is about quality.

"If we adopt an internationally recognised standard then of course the quality and information are more secured and more people are aware of it," he said.