Essential Elements of a Cyber Security Policy

In today’s digital world, cyber security plays a critical role in maintaining a nation’s overall security. It has become an essential part of government security policies and strategies, and many states are introducing dedicated cyber security policies to lay a secure foundation.

A national cyber security policy should seek to address the risks to all citizens and services, especially in critical sectors such as:

  • Banking and Finance
  • Information and Communications
  • Energy
  • Transportation
  • Water
  • Health Services
  • E-Government
  • Emergency services
  • Food and Agriculture

At a minimum, to protect the nation from unwanted cyber attacks and breaches, the cyber security policy should focus on the following key areas.

1. Effective Governance

  • Centralise coordination of national cyber security initiatives
  • Promote effective cooperation between public and private sectors
  • Establish formal and encourage informal information sharing exchanges

2. Legislative & Regulatory Framework

  • Review and enhance Malaysia’s cyber laws to address the dynamic nature of cyber security threats
  • Establish progressive capacity building programmes for national law enforcement agencies
  • Ensure that all applicable local legislation is complementary to and in harmony with international laws, treaties and conventions

3. Cyber Security Technology Framework

  • Develop a national cyber security technology framework that specifies cyber security requirement controls and baselines for critical elements
  • Implement an evaluation/certification programme for cyber security products and systems

4. Culture of Security and Capacity Building

  • Develop, foster and maintain a national culture of security
  • Standardize and coordinate cyber security awareness and education programmes
  • Establish an effective mechanism for cyber security knowledge dissemination at the national level
  • Identify minimum requirements and qualifications for information security professionals

5. Research & Development Towards Self-Reliance

  • Formalize the coordination and prioritization of cyber security research and development activities
  • Enlarge and strengthen the cyber security research community
  • Promote the development and commercialization of intellectual properties, technologies and innovations through focused research and development
  • Nurture the growth of the cyber security industry

6. Compliance and Enforcement

  • Standardize cyber security systems
  • Strengthen the monitoring and enforcement of standards
  • Develop a standard cyber security risk assessment framework

7. Cyber Security Emergency Readiness

  • Strengthen the national computer emergency response teams (CERTs)
  • Develop effective cyber security incident reporting mechanisms
  • Encourage all to monitor cyber security events
  • Develop a standard business continuity management framework
  • Disseminate vulnerability advisories and threat warnings in a timely manner
  • Encourage periodic vulnerability assessment programmes

8. International Cooperation

  • Encourage active participation in all relevant international cyber security bodies, panels and multi-national agencies
  • Promote active participation in all relevant international cyber security by hosting an annual international cyber security conference
