Nightmares can come
in bytes. That is literally true in the
scenario of cyber attacks in the forms of hackers, computer viruses and
security breach. The Public Sector is
not exempted from cyber attacks and security incidences have risen nearly 400%
in the last couple of years from 53 to 253, and the figure is still on the
increase, according to the Government Computer Emergency Response Team (GCert). Established by the Malaysian Administrative
Modernization & Management Planning Unit (MAMPU), GCert is one of the
components in a continuous reactive fight undertaken to secure government ICT
assets.
New strategies to
tighten ICT security in the Public Sector will employ three modes of action –
proactive, continuous and reactive. The
proactive measures will follow the guidelines outlined in the Policy Framework
(PA 3/2000), Incident Handling Mechanism (PA 1/ 2001), Malaysian Public Sector
Management of ICT Security Handbook (MyMIS), Malaysian Public Sector ICT
Security Risk Assessment (MyRAM), Security Posture Assessment (SPA), Audit
Review Methodology & Accreditation Scheme and so forth.
As a continuous
measure, programmes to instill awareness and acculturation are being
implemented since aspects of ICT security should be taken into serious
consideration from early on and not as an afterthought. Defense mechanisms like firewall, intrusion
detection system, public key infrastructure, encryption, and so on also come in
handy to minimize cyber threats.
The key reactive
measures involve the GCert Team, incident response handling, information
dissemination, ICT security advisory, chief information officer/ ICT security
officer network, inter-agency coordination and business continuity
planning. Information on ICT security
could now be sourced from the Government Security Web Portal at
www.prisma-mampu.gov.my, a one-stop reference centre for users from both the
public sector and the general public.
