Malaysia Vulnerability Assessment Centre (MyVAC)

Malaysia Vulnerability Assessment Centre or MyVAC is a department within CyberSecurity Malaysia. The centre is formed to enhance the national information security ecosystem and increase nation's ability in defending against cyber threats and exploitation due to information systems and technology vulnerabilities.


The implementation of this centre will also emphasize on the development of critical technology laboratories as well as infrastructure; and security expertise in the area of Internet of Things (IoT), Software Development Lifecycle (SDLC) and Industrial Control System (ICS).


MyVAC recognizes the importance of having vulnerability assessment laboratories for critical information systems and technologies. In the laboratory (test bed), MyVAC analysts conduct assessments, identify common and potential vulnerabilities and investigate mitigation approaches.


The laboratories are:

  • IoT Security laboratory where vulnerabilities are simulated and hardening steps tested.

  • ICS Security laboratory where research on control systems vulnerabilities are conducted. Secure Software Development Lifecycle (SSDLC) laboratory where study to identify security requirement and mechanism in software engineering practices are performed.


Strategic Objectives

The strategic objectives are:

  • To develop a comprehensive cyber security programme as a national priority that provides mitigation strategies to prevent the exploitation of critical information systems and technology vulnerabilities.

  • To reduce vulnerabilities and security risks by providing vulnerability assessment and countermeasures.

  • To develop the cyber security capacity and capability required primarily to ensure that the information systems and technologies could be used safely or implemented securely within the Critical National Information Infrastructure (CNII).

  • To promote the awareness and educate CNII owners and stakeholders about the vulnerabilities and possible attacks to their critical infrastructures.

  • To build partnerships among critical industries, CNII owners and stakeholders, governments and researchers to plan, develop and share security solutions.




Vulnerability Assessment & Penetration Testing (VAPT)



Vulnerability Assessment and Penetration Testing (VAPT) is a service offered to public and private organizations to discover and highlight security issues at client environment. It provides recommendations and countermeasures to rectify the vulnerabilities in order to reduce risk of security breach.





Industrial Control System (ICS)



Industrial Control System (ICS) service improves security posture of an organization through security assessment to increase nation’s ability in mitigating cyber threats and exploitation due to critical information systems and technology vulnerabilities.





Secure Software Development Lifecycle (SSDLC)



Secure Software Development Lifecycle (SSDLC) provides service to organizations to improve system security, build own secure software development process and manage security controls for all stages of software development life cycle.





IR4.0 & Internet of Things (IoT)



The Fourth Industry Revolution (IR4.0) and Internet of Things (IoT) provides service to improve nation’s resilience against cyber threats on IoT and Industry 4.0 ecosystem.





Training and Facility Services



Training and Facility services promote awareness and educate CNII organizations on vulnerabilities and possible attacks to their critical infrastructures.

The services include:

  • Security Posture Assessment Training
  • Wireless Security Training
  • Network Security Training
  • Web App Security Training
  • ICS Security Analyst Training
  • Secure Web Application Defender/Developer (CSWAD)
  • IoT Security Training