Critical Information Infrastructure Protection Requirement for the Malaysian Public Sector

  • Conference paper
Advances on Smart and Soft Computing

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1188)

Abstract

Malaysian Public Sector (MPS) organizations span laterally within all ten critical sectors outlined in the National Cybersecurity Policy (NCSP). Critical Information Infrastructure Protection (CIIP) initiatives are mainly driven by the overarching NCSP and the National Cybersecurity Strategy. Down the hierarchy, CIIP initiatives become more focused at the sectoral level. However, a dedicated CIIP framework for the MPS is currently unavailable, which gives an opportunity for research in this area. This paper explores current CIIP requirements pertinent to MPS sectoral needs. The method used is comparative analysis. The resources analyzed include international organizations' requirements, key national policy documents, published official directives, circulars, guidelines and tools related to the MPS CIIP. The study findings show that risk management and resilience are among the emerging themes. A total of 21 external strategic requirements and 26 available internal resources are identified. A comparison of the MPS Cybersecurity Framework (RAKKSSA) against the NIST Cybersecurity Framework is also established to highlight CIIP. For future work, five recommendations are proposed as guidelines for developing an MPS CIIP Framework.

Acknowledgements

We would like to express our utmost gratitude to the Public Service Department Malaysia for the sponsorship of this research under the Federal Training Award Scholarship.

Author information

Corresponding author

Correspondence to Saiful Bahari Mohd Sabtu.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sabtu, S.B.M., Mohamad, K.M. (2021). Critical Information Infrastructure Protection Requirement for the Malaysian Public Sector. In: Saeed, F., Al-Hadhrami, T., Mohammed, F., Mohammed, E. (eds) Advances on Smart and Soft Computing. Advances in Intelligent Systems and Computing, vol 1188. Springer, Singapore. https://doi.org/10.1007/978-981-15-6048-4_32
