Malaysia’s National Cyber Security Policy

The Country’s Cyber Defence Initiatives

Mohd Shamir b Hashim

Government & Multilateral Engagement
CyberSecurity Malaysia
Kuala Lumpur, Malaysia
shamir@[Link]

organization and the society at large is a realization of this

conscious choice.
Abstract— The launching of Malaysia’s Vision 2020 mark the
This increasing dependency on digital information
country’s journey towards becoming a developed nation and
embracing the knowledge-based economy as a mean of
systems brings with it escalating vulnerabilities and risks,
achieving it. By consciously choosing to utilize the information especially to the Critical National Information Infrastructure
and communication technology as a tool for development, it has (CNII) of Malaysia. These risks include cyber crimes such as
resulted in the increasing use of digital information systems Hacking, Intrusion, Fraud, Harassment, Malicious Code and
throughout the industry, the private and public organizations Denial of Service Attacks.
and the society at large. However, the dependency on digital
information systems bring with it escalating vulnerabilities and II. DEVELOPMENT OF A NATIONAL CYBER SECURITY
risks, especially to the Critical National Information POLICY
Infrastructure (CNII) which among others include cybercrimes In recognition of the growing cyber threats surfacing and
such as Hacking, Intrusion, Fraud, Harassment, Malicious endangering the e-Sovereignty of the nation, the Ministry of
Code and Denial of Service Attacks. Science, Technology and Innovation (MOSTI) conducted a
study on the development of a policy or guidelines to address
Acknowledging the growth of cyber threats that are
cyber security issues facing the country. The study was
endangering the e-Sovereignty of the nation, a cyber security
conducted in 2005 by a conglomerate of consultants and with
policy was put in place.
the cooperation of the relevant ministries and government
The National Cyber Security Policy (NCSP) is Malaysia’s agencies.
comprehensive cyber security implementation to be done in an The objectives of the study were to:
integrated manner to ensure the CNII is protected to a level
that commensurate the risks faced. Cutting across the Assess the current situation of cyber security risks
government machineries, the implementation has drawn in within the CNII sectors;
various ministries and agencies to work together to meet the
vision of having a CNII that is secured, resilient and self reliant Ensure that the critical infrastructures are protected
that will eventually promote stability, social well being and to a level that commensurate the risks faced; and
wealth creation for the country.
Develop and establish a comprehensive roadmap and
After 4 years of the NCSP implementation, the Malaysia’s action plans for the implementation of a Cyber
cyber security is now being looked as something to be reckon Security Framework.
with. Much has been done and more need to be done as the The outcome of the study was presented and accepted at
landscape of cyber threats changes with the development of the National IT Council (NITC) meeting on 7 April 2006,
new technologies and tools. which was chaired by the Prime Minister. This decision was
noted by the Cabinet of Ministers on 31 May 2006 and
Successfully implemented, Malaysia’s CNII will be better
placed to meet the challenges and opportunities that
endorsed for implementation as the National Cyber Security
technological advancement brings and that it will help to Policy (NCSP).
achieve the objectives of Vision 2020 and beyond. The NCSP is a comprehensive cyber security approach
that provides the perspective of how cyber security should be
I. INTRODUCTION implemented in an integrated manner. This policy has a
Malaysia’s journey towards a knowledge-based vision that states: “Malaysia’s CNII shall be secure, resilient
economy or the K-economy began with the launching of and self-reliant. Infused with a culture of security it will
Vision 2020 by the Prime Minister of Malaysia in February promote stability, social well being and wealth creation.”
1991. Accompanied with the launch of the Multimedia
Super Corridor and the acknowledgment of the importance III. THE CRITICAL NATIONAL INFORMATION
of moving towards a knowledge-base economy, Malaysia INFRASTRUCTURE
consciously chose to utilize the information and Malaysia’s CNII is defined as: “Assets (physical and
virtual), systems and functions that are vital to the nation that
their incapacity or destruction would have a devastating
communication technology as a tool for the country’s impact on the;
development. The increasing use of the digital information
systems throughout the industry, the public and private National economic strength;

978-0-615-51608-0/11 ©2011 EWI

 National image; fundamental vulnerabilities to the information security of the
CNII. This is accompanied with the creation of a centralized
National defence and security; platform that provides security mechanism and raising
Government capabilities to function; and awareness of information security and its implications within
the CNII.
Public health and safety”
B. The Second phase
The policy further identified ten sectors in Malaysia, This phase concentrates on building the infrastructure
which are considered as the CNII. These sectors are: required for cyber security, which also include the setting-up
National Defence & Security; of the necessary systems, processes, standards and
institutional arrangements (mechanisms). In this phase,
Banking & Finance; efforts will be given to build capacity amongst researchers
Information & Communication; and info security professionals.
C. The Third phase
Energy;
This phase focus on maintaining the efforts provided in
Transportation; the first two phases such as developing self-reliance in terms
Water; of technology as well as professionals and monitoring
mechanisms to ensure compliance. As these efforts are
Health Services; established, there is a need to evaluate and improve such
mechanism and to create the culture of cyber security.
Government;
VI. POLICY GOVERNANCE STRUCTURE
Emergency Services; and
Implementing a national policy like the NCSP will
Food & Agriculture require a governance structure that involves the public and
private machineries. In line with this, a national level
IV. POLICY THRUSTS
committee was established to oversee the implementation of
The NCSP is divided into eight areas, which are being this policy. The committee called the National Cyber
referred to as the policy thrusts. A Thrust Driver, from the Security Coordination Committee (NC3) consists of senior
ministries that have the authority in the respective thrust officials from the ministries and government agencies
areas, leads the thrusts with the assistance of their respective responsible for the operation of the country’s CNII. The
working group. NC3 was originally chaired by MOSTI. However in 2010,
The eight Policy Thrusts and corresponding Thrust with the amendments to the duties of the ministers, the
Drivers are as in the following table. responsibility of the nation’s cyber security is placed with the
National Security Council. This led to the handing over of
TABLE I. POLICY THRUSTS & DRIVERS the Chair of the committee from MOSTI to the National
Security Council.
No Policy Thrust Thrust Driver
1 Effective Governance National Security Council CyberSecurity Malaysia continues to provide services as
the secretariat to the committee under the leadership of the
2 Legislative & Regulatory Attorney General’s National Security Council. As the secretariat, this agency
Framework Chambers
coordinates all efforts in implementing the NCSP and
3 Cyber Security Technology Ministry of Science, proposing the way forward to reach the vision.
Framework Technology & Innovation
Going upwards, the NC3 reports to the e-Sovereignty
4 Culture of Security & Capacity Ministry of Science, committee chaired by the Deputy Prime Minister, which in
Building Technology & Innovation
turn will report to the National IT Council (NITC) chaired by
5 R & D Towards Self-reliance Ministry of Science, the Prime Minister.
Technology & Innovation
VII. POLICY THRUSTS
6 Compliance & Enforcement Ministry of Informatio,
Communication & Culture As mentioned earlier, the NCSP is divided into eight
areas of focus, which are known as thrust. Following are the
7 Cyber Security Emergency National Security Council
Readiness descriptions of the thrusts.
8 International Cooperation Ministry of Informatio, A. Thrust 1 – Effective Governence
Communication & Culture The policy recognizes the interdependent nature of the
CNII that an impact on one sector will affect the others.
V. IMPLEMENTATION APPROACH Although some progress has been made in securing the CNII,
On the subject of implementation, the NCSP is divided there are still challenges that remain to be overcome.
into three phases with their respective objectives. These three The main objectives of this Thrust are:
phases are as follows:
To have a centralised coordination of the national
A. The First phase cyber security initiatives;
This phase addresses the immediate concerns and
measures that can be taken to immediately implement cyber To promote effective cooperation between the public
security such as identifying stop-gap measures to address and the private sectors; and
 To establish and encourage informal information The Communication and Multimedia Act.
sharing exchanges.
There are also some conventional laws that have
During the study, it was found that information security implication on the cyber environment such as:
programs are not well coordinated as it was done by each
entity to satisfy their own requirements and focus on their The Penal Code;
own mission. This has resulted in confusion, The Internal Security Act;
misunderstanding and overlapping of resources not to
mention losing sight of the overarching national needs. The Sedition Act;
Trends are not monitored and risk profiles of cyber The Defamation Act; and
security remain obscure for the country. Therefore, a single
The Evidence Act.
cyber security coordination body was proposed to
consolidate cyber security initiatives of Malaysia, which also The cyber law review looks at all these laws and provided
include awareness activities. The body is identified as recommendations on improvement that need to be made. The
CyberSecurity Malaysia. outcome of this review was given to the Attorney General’s
Office (AGC) whom is the Thrust Driver.
CyberSecurity Malaysia, an agency of MOSTI, provides
central coordination and assists the government in identifying The amendments to the law is now currently in progress
challenges and the minimum standards for cyber security. where the AGC is now working with the respective
ministries that ‘own’ the acts. This exercise is not only a
In addition to having a centralized body, this thrust for
national agenda but also as part of an international
effective governance sees the formation of national
framework where the review looks at the European
committees that oversees cyber security initiatives and
Convention and laws of other countries on curbing common
condition of the country such as the NC3 and its working
threats to the global community.
groups and the e-Sovereignty committee, which involves
very high-ranking officers of the government. C. Thrust 3 – Cyber Security Technology Framework
B. Thrust 2 – Legislative & Regulatory Framework Information security guidelines are abundant within the
public sectors in Malaysia. However, most of these
This thrust looks at the legal area of the policy. The laws
guidelines are informative in nature and not so much as
and regulations are very important to create trust and
providing mandatory or minimum requirements. This policy
confidence in the CNII. The objectives of this thrust are:
thrust, which is led by MOSTI, has the objectives of:
To review and enhance Malaysia’s cyber laws to
Developing a cyber security technology framework
address the dynamic nature of cyber security threats;
that specifies information security requirements,
To establish progressive capacity building programs controls and baselines for the CNII elements; and
for the national law enforcement agencies; and
Implementing an evaluation/certification programs
To ensure that all applicable local legislation is for information security products and systems.
complementary to and in harmony with international
A few years ago, the need for equipment and systems are
laws, treaties and conventions.
based on individual requirements and not based on a baseline
The NCSP is about protecting the CNII by ensuring the or standards approved by the government. Thus for most
confidentiality, integrity and availability of information and cases, cyber security controls are determined at a later stage
the non-repudiation of communication. Therefore, the laws which prove to be expensive and damaging to the network.
and regulations are vital in ensuring the advancement of
Cyber security framework defined the security controls
information technology benefit the people and country and at
that are needed. Security such as management, technical and
the same time ensuring the CNII are protected.
operational controls will provide some assurance that some
The aim of this thrust is to have adequate legal system, security measures are in place. These measurements will be
which can adapt to the ever-changing landscape of cyber base on the respective entities where it will commensurate
security. Thus the initiatives within this thrust is to define, with the impact on the operations, assets or individuals if
categorized and penalized cyber crimes so as to deter future security breaches occur with respect to the confidentiality,
malice and to provide a comprehensive framework for the integrity or availability of information.
country to have the appropriate level of compliance to protect
Presently, the working group of this thrust has
the CNII.
recommended that all CNII entities of Malaysia adopt the
For this purpose, the existing laws need to be enhanced in MS ISO/IEC 27001-2007 Information Security Management
order to effectively address the legal challenges of the System (ISMS) as a security baseline and to obtain the
present cyber environment. CyberSecurity Malaysia has certification. After much deliberation, the Government of
spearheaded the review of the laws of Malaysia that provide Malaysia has agreed to this proposal and issued an
a view of the existing legislative and regulatory framework instruction in February 2010 that all Malaysian CNIIs are to
with respect to cyber security. Malaysia has a range of be ISMS certified within three years.
existing legislations dealing with the cyber environment, Another major initiative under this thrust is the
which among others are: establishment of the Malaysia Common Criteria Evaluation
The Computer Crimes Act; and Certification Scheme (MyCC). Malaysia through
CyberSecurity Malaysia has become a member of the
The Digital Signature Act; and
Common Criteria Recognition Arrangement (CCRA) since the public to a variety of threats and vulnerability. This raise
2007. the need for greater awareness and understanding of security
issues and the need to develop a culture of cyber security that
The CCRA ([Link]) is an will focus on security in the development of the network and
international agreement, which ensures that: the adoption of new way of thinking and behaving when
Products can be evaluated by competent and using information system such as the internet.
independent licensed laboratories so as to determine The efforts to promote a culture of cyber security require
the fulfilment of particular security properties, to a leadership and involvement of multiple parties. This is the
certain extent or assurance; concern of all government ministries and agencies which
Supporting documents, are used within the Common have to be represented by a strategic roadmap depicting well
Criteria certification process to define how the planned and well managed programs.
criteria and evaluation methods are applied when With this in mind, CyberSecurity Malaysia conducted a
certifying specific technologies; study in 2010 titled the National Strategy for Cyber Security
The certification of the security properties of an Acculturation and Capacity Building. The study focuses on
evaluated product can be issued by a number of the key aspect, which are the cyber security acculturation and
Certificate Authorizing Schemes, with this capacity building.
certification being based on the result of their The cyber security acculturation programs target the
evaluation; and public by having a plan to inculcate best practices, good
All the signatories of the CCRA recognized these habits and behaviours on good and safe use of the Internet.
certificates. This includes the development of content, the approach and
implementation plan of the acculturation. On the capacity
Malaysia has been a certificate consuming member and building, the target group are the CNII entities where the
has been audited to become a Certificate Authorizing study provides a plan to get the organizations and individuals
Member last year. towards building a pool of information security
professionals. This include the propose content for skill
CyberSecurity Malaysia recognized that implementing
areas, the approach and the implementation of the plan.
security evaluation such as the Common Criteria would
enable buyers to procure IT technology with greater The result of the study will overcome the lack of
confidence. The Common Criteria also validate vendors’ initiatives that can drive and increase the level of cyber
claims about security and enable network architects and security awareness through the necessary training and
security professionals to choose the right technology for the education strategies provided by the outcome. In addition,
right role. CyberSecurity Malaysia will promote the consideration of
security as an important objective among all elements in
This kind of evaluation will reduce the need for the
government agencies, businesses and private sector.
individual CNII entities to perform their own testing. This
will improve competitiveness, speedier deployment of While the study was being conducted, CyberSecurity
technology and decrease the risk faced by implementers of Malaysia has embarked on a national awareness campaign
the technology. branded as CyberSAFE. CyberSAFE, which stands for Cyber
Security Awareness For Everyone, is a cyber security
Due to the nature of cyber security technology, regular
program targeting the general public. This program includes
updates and review of the framework will be undertaken to
seminars, awareness talk and exhibitions in order to reach out
ensure that the most appropriate technology is deployed.
to the people. To extend the reach further, this program has a
D. Thrust 4 – Culture of Security and Capacity Building portal ([Link]) that contains cyber security
This is the one thrust that gives focus on the human video clips and free downloads of posters, magazines and
aspect of the policy. The objectives of Thrust 4 are: articles. Recently, CyberSecurity Malaysia launched an
extension program called CyberSAFE in Schools to reach to
To develop, foster and maintain a national culture of young generation, which comprises the major portion of
security; Internet user in the country and the most vulnerable group.
To standardize and coordinate information security The development of human resources is critical to the
awareness and education programs across all success of efforts to improve security. In order to achieve the
elements of the CNII; vision of the policy, the public and private sectors must have
personnel that are sufficiently and professionally trained in
To establish an effective mechanism for information the technical and non-technical issues of cyber security.
security knowledge dissemination at the national
level; and CyberSecurity Malaysia has alliances with international
certification bodies to conduct information security courses
To identify minimum requirements and and certification to information security professionals of
qualifications for information security professionals. Malaysia. Among the organizations are:
The continuing changes in information technology The International Information Systems Security
requires greater emphasis on security by the CNII entities Certification Consortium, Inc. (ISC)2 which is the
whom develop, own, provide, manage, service and use global, non-profit leader in educating and certifying
information systems and networks. The wireless and information security professionals throughout their
broadband technologies have contributed significantly to the careers;
increase in Internet users that has increased the exposure of
 DRI International and DRI Malaysia which is an technologies that protect the country’s CNII with the aim to
institute on continuity management; achieve self-reliance in those technologies.
The International Council of Electronic Commerce The R&D efforts are aimed at countering threats to the
Consultant (EC Council) which is a member CNII by making improvements to the current capabilities and
supported organization the offers various e-business also by developing new ones. This is achieved by
and security certifications; and intensifying efforts to promote cyber security research at
learning institutions to increase the size of cyber security
ISACA and ISACA Malaysia which is an research community.
independent, non-profit, global association engage in
the development, adoption and use of globally With the national R&D Roadmap, it will churned
accepted, industry-leading knowledge and practices revolutionary ideas rather than steady advancement in the
for information systems. field.
The certified professionals and certification bodies will Another matter that is important is the intellectual
promote the culture of cyber security and setting the property as an outcome from the research activities. It is vital
minimum standards for those involved in the information that the country is able to protect home grown intellectual
security knowledge processes. property because this will provide the environment for future
creation and development of the original works and finally
E. Thrust 5 – Research and Development towards Self stimulate greater economic growth and entrepreneurial
Reliance activities.
In achieving the objective of this thrust, the CNII of
F. Thrust 6 – Compliance and Enforcement
Malaysia is protected by an integrated research and
development framework that focuses on technology with the The Ministry of Information, Communication and
aim of being self-reliant. Culture (MICC) is driving this thrust. One of the reasons is
because major information and communication regulator
The objectives of this thrust are: which is the Malaysian Communications and Multimedia
To formalize the coordination and prioritization of Commission and CNII entities such as Telekom Malaysia,
cyber security research and development activities; Maxis, Jaring to name a few are under the purview of this
ministry.
To enlarge and strengthen the information security
The objectives of this thrust are:
research community;
To standardize information security systems across
To promote the development and commercialization
all elements of the CNII;
of intellectual properties, technologies and
innovations through focused research and To strengthen the monitoring and enforcement of
development; and standards; and
To nurture the growth of information security To develop a standard information security risk
industry. assessment framework.
The study on NCSP found that there was a lack of cyber Interdependencies across the CNII are complex such as
security coordination and prioritization at the national level. no telecommunication organization can work without power
This has cause research agendas and programs not to be and no financial institution can operate effectively without
systematically managed which cause important priorities to telecommunications. As the 10 CNII sectors of Malaysia are
be overlooked. Determining the research areas is of inter linked and reliant upon one another, a weakness in one
paramount importance. A clear identification of priority areas sector can often translate into a weakness in all sectors.
is required to prevent uncoordinated research efforts where Therefore it is vital importance that all ten sectors achieve a
individual entities and research institutes focus on individual minimum level of information security and that this
missions that may not meet the overarching national needs achievement is independently verified.
and priorities.
MICC and the working group of NCSP Thrust 6 provides
There is a need to have a central entity to coordinate and independent cyber security audits and other control
prioritize the current and future R&D agenda of the nation. In mechanisms where the information will be use to monitor
light of this, MIMOS an agency of MOSTI has been assigned compliance, set baselines and identify trends. This will assist
the task. This agency will align and integrate R&D programs in identifying the sectors that need help in meeting the
and initiatives to avoid duplication of efforts and to security baseline.
encourage collaboration where appropriate.
The Thrust 6 working group has develop a risk
Since assigned this task, MIMOS has developed the assessment framework for the CNII to use in identifying risk
National R&D Roadmap for Self Reliance in Cyber Security within their respective IT systems. This will help the entities
Technologies. This plan was formulated by MIMOS and a to understand their own risk profile by using similar,
consortium of 22 organizations representing the academics, acceptable and comparable techniques to identify risk. The
government, industry and researchers with the goal of uniformity in using the framework will allow the
aligning and integrating all R&D programs and projects identification of trends, strength and weaknesses. Apart from
related to cyber security. This will avoid duplication of allowing the working group to identify the critical systems
efforts and to encourage collaboration, where appropriate, that need to be secured, it will also provide assistance, focus
between academia, industry and government. Driven by an resources and drive R & D initiatives. This is supported with
integrated R&D framework, the roadmap focuses on
the annual risk assessment survey to monitor the progress of initiatives require international cooperation. Sharing
managing the threats and vulnerabilities. intelligence, research, best practice, discussing challenges
and learning from other mistakes as well as helping to
The government of Malaysia has imposed the formulate and drive international policy direction and
requirement of having the CNII entities to be ISMS certified initiative will help Malaysia to secure the CNIIs.
by 2013. In ensuring compliance to the requirement, the
working group Thrust 6 and 3 are working together to The objectives of this thrust are:
provide awareness on ISMS and the certification processes.
To encourage active participation on all relevant
G. Thrust 7 – Cyber Security Emergency Readiness international information security bodies, panels and
The Computer Emergency Response Teams (CERT) or multi-national agencies;
the Computer Security Incident Response Team (CSIRT) is To promote active participation in all relevant
an instrumental set up in mitigating cyber security international information security events, conference
incidences. CyberSecurity Malaysia hosts the Malaysian and forums; and
CERT (MyCERT), which monitor the cyber security threats
in the country’s cyber environment. To enhance the strategic position of Malaysia in the
field of information security by hosting an annual
The objectives of the NCSP Thrust 7 are: international information security conference.
To strengthen the national CERT; The active participation in all relevant international cyber
To develop effective information security incident security bodies, panels and multi-national agencies will help
reporting mechanisms; to ensure that the country has a hand in driving the
international cyber security agenda.
To encourage all elements of the CNII to monitor
information security events; Under the spirit of this Thrust, Malaysia is the co founder
of the Asia Pacific Computer Emergency Response Team
To develop a standard business continuity (APCERT - [Link]) and has played an active role
management framework; since the formation. CyberSecurity Malaysia, acting on
behalf of Malaysia has held the Chair and Secretariat position
To disseminate vulnerability advisories and threat in providing leadership to the collaboration. Now
warnings in a timely manner; and CyberSecurity Malaysia is one of the steering committee
To encourage all elements of the CNII to perform members.
periodic vulnerability assessments programs. On a more active role, Malaysia through CyberSecurity
Presently many organizations within the CNII do not Malaysia, spearheaded the formation of the Organization of
report cyber security incidents. Although the increase in Islamic Conference Computer Emergency Response team
education and awareness will help, the existing incident (OIC-CERT – [Link]) in 2005. Now with 18
response centre need to be strengthen to be able to provide member countries and an affiliated institution of the OIC,
the appropriate response. Malaysia is at the helm holding the Chair position and
providing the leadership required.
Effective cyber security monitoring is not prevalent
across the CNII. However, vigilant monitoring and In addition to these major multilateral engagements,
correlation of data at the national level are crucial elements to Malaysia participated in other information security events
ensure security incidents are identified and managed conducted by international organization among them are
properly. ITU, APECTEL, the Meridian Conference, FIRST, and
APWG. On home ground, CyberSecurity Malaysia organized
In view of this issues, the National Security Council annual conferences such as the Cyber Security Malaysia
whom is the driver of this Thrust has developed the National Award Conference and Exhibitions (CSM-ACE).
Cyber Crisis Management Plan (NCCMP) with the purpose
of outlining the strategy that Malaysia will undertake in VIII. LESSON LEARNED
mitigating and responding to cyber incidents through the With the dependent on IT infrastructure resulting to the
public and private collaboration and coordination. increase in cyber incidents, it is a right move for MOSTI to
Tied to this plan are the cyber drills co organized conduct a study on the requirement of a national policy to
annually by the National Security Council and CyberSecurity mitigate such incidences. The NCSP aims at enhancing the
Malaysia. The drill is to test the procedures and processes security, resilience and self-reliance of Malaysia’s CNII to
stated in the plan. All kinks are iron out to ensure continuous promote stability, social well being and creating wealth.
improvement to the NCCMP. The drills also observe the In implementing the policy, the keys to success are;
reaction of participating CNIIs and the flow of information. It
is critical to ensure that all cyber security related information Effective governance and coordination with the
gathered be disseminated to all the relevant CNII sectors as establishment of a single coordination centre which
and when needed. Therefore, vulnerability advisories and in this case is CyberSecurity Malaysia. This has
threat warnings can and should reach everyone in a timely created organization clarity and accountability;
and efficient manner.
Improving the public private cooperation;
H. Thrust 8 – International Cooperation
Improving the information security skills and
The cyber environment does not conform to the physical capacity;
boundaries of the countries thus successful cyber security
 Enhancing the existing research & development [2] UK Office of Cyber Security, “Cyber Security Strategy of the United
Kingdom : safety, security and resilience in cyber space” Office of
initiatives toward self-reliance; Public Sector Information, Information Policy Team, June 2009.
Map out the emergency readiness; (references)
[3] United State, Executive Office of the President “Cyber Space Policy
Dictates the program for compliance and assurance Review: Assuring a Trusted and Resilient Information and
across the whole of CNII; and Communication Infrastructure,” United State, Executive Office of the
President, May 2009. (references)
Reaching out to international partners. [4] Ministry of Science, Technology and Innovation. “National R&D
Roadmap For Self Reliance in Cyber Security Technologies.”
As a whole, the NCSP aims to improve trust and Unpublished.
cooperation in the CNII for the benefit of the people of [5] ISACA and the IT Governance Institute. ISACA Overview. Retrieved
Malaysia. April12, 2011. From [Link]
/History/Pages /[Link]
REFERENCES [6] (ISC)² . About (ISC)². Retrieved April 12, 2011. From
[1] Ministry of Science, Technology and Innovation, Malaysia, “National [Link]
Cyber Security Policy: The Way Forward,” Federal Government [7] Ec-Council . About us. Retrieved April 12, 2011. From
Administrative Centre. July 2006. (references) [Link]