Niser to train local security consultants
By I-Mei Low
16th April 2001 (NST - Computimes)

NEWLY formed National ICT Security and Emergency Response Centre (Niser) will begin an accreditation programme to produce qualified information and communications technology (ICT) security consultants in Malaysia.

Its director Major Husin Jazri said the centre will be working with US-based ICT security body, System Administration and Network Security (SANS), to provide technical training and security certification courses for local ICT professionals.

Under the collaboration, Niser will initially be hosting the courses in Malaysia while SANS will provide training material, instructors and certification examination.

Husin said over time, Niser will be conducting some SANS courses using locally qualified trainers from the initial batch of participants.

The accreditation programme has three levels. The foundation, called Level One or Global Incident Analysis Centre Security Essential Certification (GSEC), has 19 modules ranging from understanding Internet threats to perimeter protection to password cracking and to auditing.

"Level One may be conducted over the Web or in live classes. Over the Web, the student passes quizzes for each module to ensure mastery. When all modules are completed, he may sit for a comprehensive certification examination," Husin explained.

The second level has much more advanced training in intrusion detection analysis, firewalls and perimeter protection, incident handling and hacker exploits, and Windows and Unix security.

For each of these areas, the person who seeks certification completes an intensive immersion curriculum and a comprehensive exam. If the examination score is high enough, the candidate is offered a set of practical exercises that allows him or her to demonstrate the needed skills.

"Only when the coursework, the examination and the practical exercises are completed successfully, is the person awarded certification," Husin said.

The third level of certification is awarded to people who have mastered multiple Level Two disciplines.

Husin said for a start, Niser plans to target at least 30 local ICT professionals to be certified at Level One of the accreditation programme, and 10 for Levels Two and Three.

According to him, the SANS/Niser accreditation programme is open to all.

"Once trained, the consultants would work with the Government and private sectors, communities and individuals to address ICT security issues. This highly-specialised team will be given the task to handle vast and complex areas of ICT security issues," he said.

According to Husin, the accreditation programme is timely as there is currently a shortage of ICT security personnel, which is a common phenomenon in more advanced countries as well.

Based on Niser statistics, from August 1997 to March this year, Malaysia has experienced an accumulated total of 1,713 ICT security cases, with an average of 400 cases per year. Security threats in the Government were the highest in 2000 with a total of 27 cases of abuse, followed by the private sector with 19 cases.

"The state of ICT security in both the public and private sectors in Malaysia is about the same but the figures collected show that Malaysia's state of ICT security is pressing," Husin said.

He believes the high rate of ICT security breaches is due to people, business processes and technology vulnerabilities.

"People bring about bad habits and manage things at the expense of security. Business processes are sometimes not thorough enough," he said. "Technology vulnerability gives intruders the advantage as it enables them to find one to get the public's attention. But it's a system administrator's job to patch these security holes and sometimes the good work goes unnoticed."