Page 39 - 20v•Cyber Security Strategy 2020-2024
P. 39

Malaysia Cyber Security Strategy 2020-2024  39
               SUMMARY
 Strategy 4:  Enhance Malaysia’s Cyber Laws to Address Current and Emerging
 Threats
               PILLAR 1: Effective Governance and Management

                 STRATEGY  1   Enhancing National Cyber Security Governance
                               and Ecosystem

                 •  To strengthen governance and ecosystem in cyber security

                 •  To enhance collaboration and building trust among government agencies,
                   CNII agencies, businesses and partners through information sharing and
                   effective Public-Private Partnership
                 •  To establish and implement National Communication Mechanism for effective
                   coordination, information sharing and media management


                            2    Improving Organisation Management and Business
                 STRATEGY        Operation (Government, CNII and Business)



                 •  To embed cyber security in business operation
                 •  To enhance holistic cyber security controls in supply chain environment

                 •  To comply to International Standard (ISMS, BCMS or equivalent) and Best Practices
                 •  To promote the use of certified ICT security products
                 •  To implement S-SDLC for critical Information System Development

                 •  To establish Data Leakage Protection Mechanism
                 •  To improve CERT Management

                 •  To develop Vulnerability Assessment (VA) Implementation Plan and conduct
                   periodic risk and VA on all critical ICT services

                 •  To measure National Readiness Level through periodical study
                 •  To enhance Industrial Control System (ICS) Protection

                            3    Strengthening Cyber Security Incident Management and

                 STRATEGY        Active Cyber Defence



                 •  To strengthen capacity and capability in Incident Management
                 •  To develop capacity in combating terrorist/extremist use of Internet
                 •  To enhance national readiness  towards bigger  scale and targeted cyber
                  attacks
   34   35   36   37   38   39   40   41   42   43   44