Jamaludin: A holistic view of security needed
3rd October 2005 (The Star)
BY H. AMIR KHALID

KUALA LUMPUR: Malaysia needs to place greater importance on addressing security issues if it wants to remain competitive in the ICT (information and communications technology) world.

Science, Technology and Innovation Minister Datuk Seri Dr Jamaludin Jarjis said this is why the Government is currently working on a draft of the National Information Security Policy (NISP).

"Despite what (the Government) has done so far, I still believe it will not be adequate until the world is standing together with one view in addressing cyber threats," he said.

"Just as physical borders are nonexistent in cyberspace, protection must now involve wider engagement, one that includes global partners," he added.

Jamaludin was speaking to reporters after officiating the e-Secure Malaysia 2005 conference at the Putra World Trade Centre here last week.

The NISP would address the institutional arrangements, cooperation between the public and private sectors, regulatory issues and the technology framework, Jamaludin said.

He said the aim of the NISP is to ensure that all security efforts are well coordinated, and that the Information Security Management System (ISMS) and the Common Criteria Evaluation Scheme (CCES) are implemented properly.

The ISMS is a systematic approach to monitoring the security of sensitive information in an organisation while CCES is a standard methodology for evaluating IT security.

Jamaludin also said several government institutions would play a part in implementing the policy.

These included the Malaysian Communications and Multimedia Commission (MCMC), the National ICT Security and Emergency Response Centre (Niser), the Government ICT Security Division in the Prime Minister's Department, and the Royal Malaysian Police's Cyber Crime and Computer Forensics Units.

At the event, Niser signed up with Microsoft Corp's Security Cooperation Programme (SCP). Under the agreement, Niser would advise all participants in the programme on ICT threats and exchange information with other programme participants.

The three key areas of the SCP are incident response, attack mitigation and citizen outreach.