CyberSecurity Malaysia

CyberSecurity Malaysia
An Agency Under MOSTI
Ministry of Science,
Technology and Innovation
CyberSecurity Malaysia
(726630-U)
Tingkat 7, Sapura @ Mines,
7, Jalan Tasik, The Mines Resort City,
43300 Seri Kembangan,
Selangor Darul Ehsan,
Malaysia.
T : +603 - 8992 6888
F : +603 - 8945 3205
E : [email protected]
www.cybersecurity.my
3. To be valid the proxy form duly completed must be deposited at the Registered Office of the CyberSecurity Malaysia
at Level 7, Sapura@Mines, No 7, Jalan Tasik, The Mines Resort City, Seri Kembangan 43300 Selangor Darul Ehsan,
Malaysia not less than forty-eight (48) hours before the time for holding the meeting.
2. The instrument appointing a proxy shall be in writing under the hand of the appointor or his attorney duly
authorised in writing or if the appointor is a body corporate, either under seal or under hand of the officer or
attorney duly authorised.
1. A Proxy need not be a member of the CyberSecurity Malaysia PROVIDED that a member shall not be entitled to
appoint a person who is not a member as his proxy unless that person is an advocate, an approved company auditor
or a person approved by the Registrar of Companies.
Note:
* Delete whichever is not desired
(Signature of Appointor)
Signed this ......................................... day of ........... 20 ...........
time ............................. and at any adjournment thereof.
The Mines Resort City, 43300 Seri Kembangan, Selangor on the ................ day of ................. 20 .....
the Company to be held at the Board Room of Company, Level 7, Sapura@Mines, No 7, Jalan Tasik,
as *my [ / our] proxy to vote for *me / us on my / our behalf at the Third Annual General Meeting of
of .....................................................................................................................................................
or failing him ....................................................................................................................................
of .....................................................................................................................................................
..........................................................................................................................................................
being a Member of the Company hereby appoint .............................................................................
of .....................................................................................................................................................
*I / We ..............................................................................................................................................
FORM OF PROXY
Company No. 726630-U
(Incorporated in Malaysia)
CyberSecurity Malaysia
Editorial Committee
Mohd Shamil bin Mohd Yusoff: Head, Corporate Branding & Media Relations Department
Sandra Isnaji: Manager, Corporate Branding & Media Relations Department
Jailany bin Jaafar: Head, Legal and Secretarial Department / Company Secretary
Roshdi bin Hj Ahmad: Head, Corporate Planning and Strategy Department
Abd Rouf bin Mohammed Sayuti: Head, Internal Auditor Department
Tormizi bin Kasim: Acting Head, Procurement Department
Azman bin Ismail: Head, Finance Department
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a
basis for our audit opinion.
An audit involves performing procedures to obtain audit evidence about the amounts and
disclosures in the financial statements. The procedures selected depend on our judgment,
including the assessment of risks of material misstatement of the financial statements, whether
due to fraud or error. In making those risk assessments, we consider internal control relevant to
the Company’s preparation and fair presentation of the financial statements in order to design audit
procedures that are appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of the Company’s internal control. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of accounting estimates
made by the Director, as well as evaluating the overall presentation of the financial statements.
Our responsibility is to express an opinion on these financial statements based on our audit. We
conducted our audit in accordance with approved standards on auditing in Malaysia. Those
standards require that we comply with ethical requirements and plan and perform the audit to
obtain reasonable assurance whether the financial statements are free from material
misstatement.
Auditor’s Responsibility
The Directors of the Company are responsible for the preparation and fair presentation of these
financial statements in accordance with Financial Reporting Standards and the Companies Act,
1965 in Malaysia. This responsibility includes: designing, implementing and maintaining internal
control relevant to the preparation of financial statements that are free from material misstatement,
whether due to fraud or error; selecting and applying appropriate accounting policies; and
making accounting estimates that are reasonable in the circumstances.
Directors’ Responsibility for the Financial Statements
We have audited the financial statements of CYBERSECURITY MALAYSIA, which comprise the
balance sheet as at 31st December, 2008 of the Company, and the income statement, statement
of changes in equity and cash flow statement of the Company for the year then ended, and a
summary of significant accounting policies and other explanatory notes, as set out on pages 4 to
20.
Report on the Financial Statement
Kuala Lumpur
Date : 10th June, 2009
SIVADASAN A/L NARAYANAN NAIR
1420/12/09(J)
Partner of the Firm
AZMAN, WONG, SALLEH & CO
AF : 0012
chartered accountants
This report is made solely to the members of the Company, as a body, in accordance with
Section 174 of the Companies Act, 1965 in Malaysia and for no other purpose. We do not
assume responsibility to any other person for the content of this report.
Other Matters
In accordance with the requirements of the Companies Act, 1965 in Malaysia, we also report
that in our opinion the accounting and other records and the registers required by the Act to be
kept by the Company have been properly kept in accordance with the provisions of the Act.
Report on Other Legal and Regulatory Requirements
In our opinion, the financial statements have been properly drawn up in accordance with
Financial Reporting Standards and the Companies Act, 1965 in Malaysia so as to give a true and
fair view of the financial position of the Company as of 31st December, 2008 and of its financial
performance and cash flows for the year then ended.
(Company No. : 726630-U)
CYBERSECURITY MALAYSIA
12th floor,
wisma tun sambanthan,
no. 2, jalan sultan sulaiman,
50764 kuala Lumpur
tel : 03-22732688
fax : 03-22748688
Opinion
(AF:0012)
INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF
akauntan bertauliah
chartered accountants
azman, wong, salleh & co.
Kuala Lumpur,
Date: 10th June, 2009
LT COL HUSIN BIN JAZRI (RETIRED)
DATO’ ABDUL HANAN BIN ALANG ENDUT
COMMISSIONER FOR OATHS
Before me,
Subscribed and solemnly declared by the abovenamed LT COL HUSIN BIN JAZRI (RETIRED) at Kuala
Lumpur on 10th June, 2009.
LT COL HUSIN BIN JAZRI (RETIRED)
I, LT COL HUSIN BIN JAZRI (RETIRED), the director primarily responsible for the financial management
of CYBERSECURITY MALAYSIA, do solemnly and sincerely declare that the financial statements set out
on pages 4 to 20 are in my opinion correct and I make this solemn declaration conscientiously believing
the same to be true, and by virtue of the provisions of the Statutory Declarations Act, 1960.
We, DATO’ ABDUL HANAN BIN ALANG ENDUT and LT COL HUSIN BIN JAZRI (RETIRED), being two
of the Directors of CYBERSECURITY MALAYSIA, do hereby state that in the opinion of the Directors, the
financial statements set out on pages 4 to 20 are drawn up in accordance with the Financial Reporting
Standards issued by the Malaysian Accounting Standards Board and the provisions of the Companies Act,
1965 so as to give a true and fair view of the state of affairs of the Company as at 31st December, 2008
and of its results and cash flows for the year ended on that date.
In accordance with a resolution of the Board of Directors dated 10th June, 2009.
STATUTORY DECLARATION
STATEMENT BY DIRECTORS
260,787
8,965,907
(b) Employees benefit costs
5,760,439
184,211
1,537,846
67,041
471,667
The employees benefit costs exclude director's emoluments and include contribution to the
Employees Provident Fund of RM958,988 (2007: RM758,549).
241,791
Director's emoluments
1,748,391
Amortisation of intangible assets
Office rental
892,741
9,000
RM
11,000
2007
RM
30,906
57,877
2008
28,475
50,956
2,431
RM
RM
6,921
2007
2008
Depreciation of property, plant and equipment
(a) Audit fees
This is stated after charging:-
13. SURPLUS OF INCOME BEFORE TAXATION
Interest income
Tender and documentation fees
12. OTHER INCOME
9,740,164
14,033,690
12,334,215
24,399,940
Operating fund (Note 9(b))
4,293,526
RM
RM
12,065,725
2007
2008
Development fund (Note 9(a))
11. INCOME FROM GRANTS
This represents consultancy service charges and seminar and training fees.
10. REVENUE
Authorised capital expenditure approved
but not contracted for
15. CAPITAL COMMITMENT
12,110,000
RM
2009
-
RM
2008
The Company had applied on 17th November, 2008 for an extension of the tax exemption from
Ministry of Finance (MOF) and is awaiting a reply from MOF.
The Company is incorporated as a non-profit company limited by guarantee and is fully funded by
grants from the Government of Malaysia. The Company has been granted a 100% tax exemption on
statutory income except for dividend for a period of 3 years pursuant to Paragraph 5 and 6 Schedule
7A of the Income Tax Act 1967 effective from 2006 to 2008.
14. TAXATION
The maturity terms of the deposits range from 1 to 365 days (2007: Nil).
The effective weighted average interest rate of the short term deposits during the year was 2.7%
(2007: Nil) per annum.
8. SHORT TERM DEPOSITS WITH LICENSED BANKS
96,875
RM
RM
122,975
2007
2008
The normal credit terms of trade receivables vary between 0 to 45 days.
Trade receivables
7. TRADE RECEIVABLES
482,792
71,385
67,140
4,245
554,177
299,467
This relates to software on Cyber Forensic tools and Customer Relations Management acquired.
1,230,806
At 31st December
Carrying value at 31st December
260,787
332,172
Charge for the year
At 1st January
71,385
1,562,978
At 31st December
Accumulated amortisation
1,008,801
254,710
RM
RM
554,177
2007
2008
Addition
At 1st January
Cost :
6. INTANGIBLE ASSETS
18,102,564
961,902
1,296,117
(9,740,164)
(12,334,215)
(9,740,164)
(11,942,314)
(73,287)
-
11,036,281
13,296,117
(318,614)
11,147,800
(111,519)
11,689,487
12,000,000
1,296,117
17,140,662
(4,293,526)
(12,065,725)
(67,140)
(3,754,818)
(187,500)
(11,304,099)
This represents grants received from the Government of Malaysia for the purposes of financing the
Company's daily operations and acquiring property, plant and equipment.
As at 31st December
- Operational expenses
- Amortisation for intangible assets
- Depreciation for property, plant and
equipment
Less: Transfer to Income Statement
Add: Grants received from the Government of Malaysia
At 1st January
(b) Operating Fund
As at 31st December
- Operational expenses
- Amortisation for intangible assets
- Depreciation for property, plant and
equipment
(471,568)
29,206,387
(574,126)
15,983,013
17,516,900
Less: Transfer to Income Statement
11,051,475
11,689,487
Add: - Grants received from the Government of Malaysia
4,931,538
1,296,117
12,985,604
961,902
11,689,487
RM
RM
17,140,662
2007
2008
At 1st January
(a) Development Fund
(a)
(b)
Operating Fund
Note
Development Fund
9. GOVERNMENT GRANTS
Items included in the financial statements of the Company are measured using the currency of
the primary economic environment in which the entity operates ("functional currency"). The
financial statements are presented in Ringgit Malaysia, which is the Company's functional and
presentation currency.
(o) Functional and Presentation Currency
Cash represents cash and bank balances while cash equivalents are short term, highly liquid
placements that are readily convertible to cash with insignificant risk of changes in value.
(n) Cash and Cash Equivalents
Operating grants receivable from the Government of Malaysia are credited to the Government
Grants Account and recognised in the income statement in the same period as the related
expenses which they are intended to compensate. Operating grants utilised for capital
expenditure are credited to the Government Grants Account - Operating Fund. The amounts
utilised are recognised in the income statement over the life of the assets acquired by the annual
transfer of an amount equal to the depreciation charge.
Development grants received for deliverables under the RMK 9 projects are recognised in the
income statement in the same period as the related expenses which they are intended to
compensate.
Development grants in respect of capital expenditure receivable from the Government of
Malaysia are credited to the Government Grants Account - Development Fund. The amounts
utilised are recognised in the income statement over the life of the assets acquired by the annual
transfer of an amount equal to the depreciation charge.
(m) Recognition of Grants
A financial instrument issued by the Company is classified as a liability or equity in accordance
with the substance of the contractual arrangement. Interest, gains and losses relating to a
financial instrument classified as liability are reported as expense or income. Distributions to
holders of financial instruments classified as equity are charged directly to equity. Financial
instruments are offset when the Company has a legally enforceable right to set off the recognised
amounts and intends either to settle on a net basis, or to realise the asset and settle the liability
simultaneously.
A financial asset is any asset that is cash; a contractual right to receive cash or another financial
asset from another enterprise; a contractual right to exchange financial instruments with another
enterprise under conditions that are potentially favourable; or an equity instrument of another
enterprise.
Total
Motor
Vehicles
Office
Equipment
RM
RM
RM
RM
Furniture &
Fittings
4. SIGNIFICANT ACCOUNTING POLICIES (Contd)
1,842,413
IT Equipment
RM
RM
Renovation &
Improvement
2008
4,949,904
351,711
2,103,163
9,763,259
At 1st January
652,617
4,813,355
171,926
176,012
2,699,283
171,926
527,723
4,802,446
920,480
1,498,271
Additions
267,863
3,340,684
As at 31st December
892,741
10,030
45,420
448,490
509,265
20,385
225,996
193,294
83,692
305,109
Charge for the year
At 1st January
69,590
1,402,006
10,030
65,805
674,486
8,361,253
161,896
461,918
4,127,960
767,198
2,842,281
Net Book Value At 31st December, 2008
153,282
498,403
As at 31st December
3,800,174
137,041
374,878
2,516,202
221,670
93,314
1,811,285
4,949,904
389,933
Additions
732,416
2,555,839
At 1st January
(1,366,472)
(7,000)
(173,113)
(1,103,359)
(83,000)
351,711
2,103,163
652,617
1,842,413
As at 31st December
Adjustment
37,697
1,198
6,545
509,265
169,748
6,408
23,546
At 1st January
471,568
19,187
219,451
4,440,639
Charge for the year
63,182
20,385
225,996
331,326
1,877,167
583,027
193,294
69,590
1,649,119
Net Book Value At 31st December, 2007
As at 31st December
Accumulated Depreciation:
Cost:
2007
Accumulated Depreciation:
Cost:
5. PROPERTY, PLANT AND EQUIPMENT
Provisions are made when the Group and the Company have a present legal or constructive
obligation as a result of past events, when it is probable that an outflow of resources will be
required to settle the obligation, and when a reliable estimate of the amount can be made.
(h) Provision for Liabilities
Trade receivables are stated at invoiced amount less allowance for doubtful debts. Allowance
for doubtful debts is made based on estimates of possible losses which may arise from non-collection of certain receivable accounts at the end of the financial year. Bad debts are written
off when identified.
(g) Receivables
An impairment loss is charged to the income statement immediately. Subsequent increase in the
recoverable amount of an asset is treated as a reversal of the previous impairment loss and is
recognised to the extent of the carrying amount of the asset that would have been determined
(net of amortisation and depreciation) had no impairment loss been recognised. The reversal is
recognised in the income statement immediately.
The carrying values of assets (other than inventories and financial assets) are reviewed for
impairment when there is an indication that the asset value might be impaired. Impairment is
measured by comparing the carrying values of the assets with their recoverable amounts. The
recoverable amount is the higher of net realisable value and value in use, which is measured by
reference to discounted future cash flows. Recoverable amounts are estimated for individual
assets or, if it is not possible, for the relevant cash-generating unit.
(f) Impairment of Assets
Computer software development costs recognised as assets are amortised over 5 years using the
straight line basis.
Costs associated with developing and maintaining computer software programmes are
recognised as an expense when incurred. Costs that are directly associated with identifiable and
unique software products controlled by the Company, and that will probably generate economic
benefits exceeding costs beyond one year, are recognised as intangible assets.
Acquired computer software licences are capitalised on the basis of the costs incurred to acquire
and bring to use the specific software. These costs are amortised over their estimated useful lives,
not exceeding a period of 5 years.
This comprises specialised computer software.
(e) Intangible Assets
4. SIGNIFICANT ACCOUNTING POLICIES (Contd)
Financial instruments carried on the balance sheet include cash and bank balances, receivables
and payables. The particular recognition methods adopted are disclosed in the individual
accounting policy statement associated with each item.
(l) Financial Instruments
Consultancy service charges, seminar and training fees and interest income are recognised on
an accruals basis.
(k) Income Recognition
As required by law, the Company makes contributions to the Employees Provident Fund (“EPF”).
The contributions are recognised as an expense in the income statement as incurred.
Defined contribution benefits
Wages, salaries and bonuses are recognised as an expense in the year in which the associated
services are rendered by employees of the Company. Short term accumulating compensated
absences such as paid annual leave are recognised when services are rendered by employees
that increase their entitlement to future compensated absences, and short term non-accumulating
compensated absences such as sick leave are recognised when the absences occur.
Short term benefits
(j) Employee Benefits
Deferred tax is provided for, using the liability method, on temporary differences at the balance
sheet date between the tax bases of assets and liabilities and their carrying amounts in the
financial statements. In principle, deferred tax liabilities are recognised for all taxable temporary
differences and deferred tax assets are recognised for all deductible temporary differences,
unabsorbed tax losses and unutilised capital allowances to the extent that it is probable that
taxable profit will be available against which the deductible temporary differences, unabsorbed
tax losses and unutilised capital allowances can be utilised.
Deferred tax is measured at the tax rates that are expected to apply in the period when the asset
is realised or the liability is settled, based on tax rates that have been enacted or substantively
enacted at the balance sheet date.
Income tax on the results for the period comprises current and deferred tax. Current tax is the
expected amount of income taxes payable in respect of the taxable income for the year and is
measured using the tax rate at the balance sheet date.
(i) Income Tax
Residual values and useful lives of assets are reviewed, and adjusted, if appropriate, at each
balance sheet date.
IC Interpretation 10 does not allow an impairment loss recognised in a previous interim period
in respect of goodwill or an investment in either an equity instrument or a financial asset carried
at cost to be reversed at a subsequent balance sheet date. IC Interpretation 10 is not relevant to
the Company's operations.
10%
10%
20%
10%
When property, plant and equipment is disposed of, the resultant gain or loss on disposal is
determined by comparing the disposal proceeds with the carrying amount and is included in the
income statement.
Furniture and fittings
Office equipment
IT Equipment
Renovation and Improvements
Depreciation on property, plant and equipment is calculated on a straight line basis to write
down the costs of assets to their residual values over the estimated useful lives of the assets. The
annual rates of depreciation used for this purpose are as follows:-
Property, plant and equipment are stated at cost less accumulated depreciation and impairment
losses, if any.
(d) Property, Plant and Equipment
IC Interpretation 14 addresses how entities should determine the limit placed on the amount of
a surplus in a pension plan they can recognise as an asset. Also, it addresses how a minimum
funding requirement affects that limit and when a minimum funding requirement creates an
onerous obligation that should be recognised as a liability in addition to that otherwise
recognised under IAS 19. This interpretation is not relevant to the Company's operations.
IC Interpretation 14 : The Limit on a Defined Benefit Asset, Minimum Funding Requirements
and Their Interaction
IC Interpretation 13 explains how entities that grant loyalty award points to their customers should
account for their obligations to provide free or discounted goods or services if and when the
customers redeem the points. This interpretation is not relevant to the Company's operations.
IC Interpretation 13 : Customer Loyalty Programmes
IC Interpretation 11 clarifies how share-based payment transactions involving its own or another
entity's instruments in the same group are to be treated and that cancellations by parties other
than the entity are to be treated in the same way as cancellations by the entity. This interpretation
is not relevant to the Company's operations.
IC Interpretation 11 : FRS 2 - Group and Treasury Share Transactions
IC Interpretation 10 : Interim Financial Reporting and Impairment
IC Interpretation 9 requires an entity to assess whether an embedded derivative is required to be
separated from the host contract and accounted for as a derivative when the entity first becomes
a party to the contract. Subsequent reassessment is prohibited unless there is a change in the
terms of the contract that significantly modifies the cash flows that otherwise would be required
under the contract in which case reassessment is required. The adoption of this interpretation
will not have any significant financial impact on the financial statements of the Company.
IC Interpretation 9 : Reassessment of Embedded Derivatives
The amendments to FRS 127 remove the requirement to distinguish between the pre and post
acquisition dividends from a subsidiary, jointly controlled entities or associates. FRS 127 has
also been amended to deal with situations where a parent reorganises its group by establishing
a new entity as its parent. Under the new rules, the new parent measures the cost of its
investments in the original parent at the recognition date. These amendments are not relevant to
the Company's operations.
The amendments to FRS 1 allow an entity, on transition to the FRS framework, to measure the
initial cost of investments in subsidiaries, jointly controlled entities and associates either at cost
as determined by FRS 127 or deemed cost. Deemed cost is either the fair value or the carrying
amount under the previous accounting practice. These amendments are not relevant to the
Company as the Company has already adopted FRS.
Amendment to FRS 1 : First-time Adoption of Financial Reporting Standards and FRS 127,
Consolidated and Separate Financial Statements - Cost of an Investment in a Subsidiary, Jointly
Controlled Entity and Associates
The amendments to FRS 2 clarify that vesting conditions are service conditions and performance
conditions only and do not include other features of share-based payments; also the amendments
clarify that cancellations by parties other than the entity are to be treated in the same way as
cancellations by the entity. This amendment is not relevant to the Company's operations.
Amendment to FRS 2 : Share-based Payments - Vesting Conditions and Cancellations
(c) FRSs And IC Interpretations That Are Not Yet Effective and
Have Not Been Early Adopted (Contd)
4. SIGNIFICANT ACCOUNTING POLICIES (Contd)
Standard | Title | Effective for financial period beginning on or after
__________________________________________________________________________________
IC Interpretation 14 | The limit on a Defined Benefit Asset, Minimum Funding Requirements and their interaction | 1 January 2010
IC Interpretation 11 | Group and Treasury Share Transactions | 1 January 2010
IC Interpretation 13 | Customer Loyalty Programmes | 1 January 2010
IC Interpretation 9 | Reassessment of Embedded Derivatives | 1 January 2010
IC Interpretation 10 | Interim Financial Reporting and Impairment | 1 January 2010
Amendments to FRS 127 | Consolidated and Separate Financial Statements: Cost of an Investment in a Subsidiary, Jointly Controlled Entity or Associate | 1 January 2010
Amendments to FRS 2 | Share-based Payment - Vesting Conditions and Cancellations | 1 January 2010
Amendments to FRS 1 | First-time Adoption of Financial Reporting Standards | 1 January 2010
FRS 139 | Financial Instruments : Recognition and Measurement | 1 January 2010
FRS 8 | Operating Segments | 1 July 2009
FRS 123 | Borrowing costs | 1 January 2010
FRS 4 | Insurance Contracts | 1 January 2010
FRS 7 | Financial Instruments : Disclosure | 1 January 2010
__________________________________________________________________________________
The Company has not early adopted the following new FRSs and the IC Interpretations which
have been issued by the MASB but are not yet effective :-
(c) FRSs And IC Interpretations That Are Not Yet Effective and
Have Not Been Early Adopted
The amendment to FRS 121 requires that all exchange differences arising from a monetary item
that forms part of the Company's net investment in a foreign operation to be recognised as a
separate component of the equity in the consolidated financial statements regardless of the
currency in which the monetary item is denominated. The adoption of this amendment did not
have any financial impact on the financial statements of the Company.
The FRS 107, 112, 118, 134 and 137 were revised to remove local guidance and editorial
matters to be identical to the International Financial Reporting Standards. The adoption of these
standards did not result in any significant changes to the Company's accounting policies and did
not have any significant impact on the amounts reported in the financial statements.
4. SIGNIFICANT ACCOUNTING POLICIES (Contd)
FRS 139 establishes principles for recognising and measuring financial assets, financial liabilities
and some contracts to buy or sell non-financial items. Hedge accounting is permitted only under
strict circumstances. The impact of applying FRS 139 on these financial statements upon first
adoption of the standard is not disclosed by virtue of the exemption provided under paragraph
103A of FRS 139.
FRS 139 : Financial Instruments - Recognition and Measurement
FRS 123 replaces FRS 123₂₀₀₄ and removes the option of immediately recognising as an expense
borrowing costs that are directly attributable to the acquisition, construction or production of a
qualifying asset. The adoption of this standard will not have any significant financial impact on
the financial statements of the Company.
FRS 123 : Borrowing Costs
FRS 8 requires an entity to report financial and descriptive information about its operating
segments on the same basis as those used internally for evaluating operating segment performance
and deciding how to allocate resources to operating segments. FRS 8 is not relevant to the
Company's operations.
FRS 8 : Operating Segments
FRS 7 requires disclosures of information relating to the significance of financial instruments on
an entity's financial position and performance and the nature and extent of risks arising from
financial instruments to which the entity is exposed during the period and at the reporting date
and how the entity manages those risks. The impact of applying FRS 7 on these financial
statements upon its first adoption is not disclosed by virtue of exemption provided under
paragraph 44AB of this standard.
FRS 7 : Financial Instruments - Disclosure
FRS 4 specifies the financial reporting for insurance contracts by any entity that issues such
contracts ("insurers"). In particular, this standard requires disclosure that identifies and explains
the amounts in an insurer's financial statements arising from insurance contracts and helps users
of those financial statements to understand the amounts, timing and uncertainty of future cash
flows from insurance contracts. FRS 4 is not relevant to the Company's operations.
FRS 4 : Insurance Contracts
The financial statements of the Company are prepared under the historical cost convention
except as disclosed in this summary of significant accounting policies. The financial statements
comply with Financial Reporting Standards ("FRS") issued by the Malaysian Accounting Standards
Board ("MASB") and the provisions of the Companies Act, 1965.
(a) Basis of Preparation
4. SIGNIFICANT ACCOUNTING POLICIES
The Company's risk exposure is attributable to receivables in respect of trading activities which are
principally conducted on a cost recovery basis. As the Company is not involved in trade, the exposure
to credit risk is minimal.
Credit risk
The Company practises prudent liquidity risk management to minimise the mismatch between
financial assets and liabilities. Since the Company's operations are fully funded by the Government
of Malaysia, the element of risk is low.
Liquidity risk
The Company's risk management policies seek to ensure that adequate financial resources are
available for the development of its operations while managing its liquidity and credit risk.
3. FINANCIAL RISK MANAGEMENT POLICIES
2. GENERAL INFORMATION
The address of the registered office and principal place of operations is located at Level 7,
Sapura@Mines, No. 7 Jalan Tasik, The Mines Resort City, 43300 Seri Kembangan, Selangor.
The Company is a company limited by guarantee, not having a share capital, not for profit,
incorporated and domiciled in Malaysia. Currently, the Company has 2 members. In the event that
the Company is wound up, a member or a person who was a member twelve months prior to that
event is liable to contribute to the assets of the Company a sum not exceeding Ringgit Malaysia One
Hundred (RM100).
The financial statements of the Company were authorised for issue on 10th June, 2009 by the Board
of Directors.
NOTES TO THE FINANCIAL STATEMENTS
31ST DECEMBER, 2008
1. PRINCIPAL ACTIVITIES
The principal activities of the Company are the provision of cyber security services to the Malaysian
public namely Computer Emergency services, Security Quality Management services, Cyber Threats
and Policy Research services and Training and Outreach services.
There have been no significant changes in these activities during the year.
(b) FRSs And IC Interpretations That Are Effective
During the year, the Company adopted the following new and revised FRSs that are relevant to
its operations and which are mandatory for the financial period beginning on or after 1st July,
2007 :-
FRS 107 : Cash Flow Statement
FRS 112 : Income Taxes
FRS 118 : Revenue
FRS 120 : Accounting for Government Grants and Disclosure for Government Assistance
Amendment to FRS 121 : The Effects of Changes in Foreign Exchange Rates
FRS 137 : Provision, Contingent Liabilities and Contingent Assets
The other new and revised FRSs and IC Interpretations issued by the MASB that are effective
beginning on or after 1st July, 2007 but which are not applicable to the Company's operations
are as follows :-
FRS 111 : Construction Contracts
FRS 126 : Accounting and Reporting by Retirement Benefit Plans
FRS 129 : Financial Reporting in Hyperinflationary Economies
FRS 134 : Interim Financial Reporting
IC Interpretation 1 : Changes in Existing Decommissioning, Restoration and Similar Liabilities
IC Interpretation 2 : Members' Shares in Co-operative Entities and Similar Instruments
IC Interpretation 5 : Rights to Interests arising from Decommissioning, Restoration and Environmental Rehabilitation Funds
IC Interpretation 6 : Liabilities arising from Participating in a Specific Market - Waste Electrical and Electronic Equipment
IC Interpretation 7 : Applying the Restatement Approach under FRS 129₂₀₀₄ - Financial Reporting in Hyperinflationary Economies
IC Interpretation 8 : Scope of FRS 2 - Share-based Payment
In the preparation of the financial statements, management has been required to make
judgements, estimates and assumptions that affect the application of accounting policies and the
reported amounts of assets, liabilities, income and expenses. Actual results may differ from these
estimates. Estimates and underlying assumptions are reviewed on an ongoing basis. Revisions to
accounting estimates are recognised in the financial statements in the period in which the
estimate is revised and in any future periods affected.
427,736
686,079
(175,778)
510,301
Net surplus of income for the year
Balance at 31st December, 2007
Net deficit of income for the year
Balance at 31st December, 2008
(The notes on pages 84 to 97 form part of these financial statements.)
258,343
As at 1st January, 2007
RM
Fixed deposit
Cash and bank balances
3,000,000
6,426,961
9,426,961
9,426,961
CASH AND CASH EQUIVALENTS AT END OF YEAR
CASH AND CASH EQUIVALENTS COMPRISE:-
9,105,219
321,742
17,516,900
CASH AND CASH EQUIVALENTS
AT BEGINNING OF THE YEAR
NET INCREASE IN CASH AND CASH EQUIVALENTS
DURING THE YEAR
CASH FLOWS FROM FINANCING ACTIVITY
Government grants received (Note 9a)
(4,813,355)
(1,008,801)
(5,822,156)
12,000,000
(50,956)
(11,373,002)
Government grants received (Note 9b)
Interest received
Net cash used in operating activities
CASH FLOWS FROM INVESTING ACTIVITIES
Purchase of property, plant and equipment
Purchase of intangible assets
(28,812)
(108,813)
186,813
(23,322,046)
260,787
892,741
50,956
(24,399,940)
(23,371,234)
(175,778)
2008
RM
Increase in trade receivables
(Increase)/decrease in other receivables
Increase/(decrease) in other payables
Changes in working capital :-
Amortisation of intangible assets
Depreciation of property, plant and equipment
Interest income
Grant income recognised
Adjustments for:
(Deficit)/surplus of income before tax
CASH FLOWS FROM OPERATING ACTIVITIES
FOR THE YEAR ENDED 31ST DECEMBER, 2008
FOR THE YEAR ENDED 31ST DECEMBER, 2008
Accumulated Reserves
CASH FLOW STATEMENT
STATEMENT OF CHANGES IN RESERVES
9,105,219
9,105,219
9,105,219
4,640,352
4,464,867
11,051,475
(1,149,730)
(299,467)
(1,449,197)
11,147,800
(28,475)
(5,137,411)
(56,775)
25,574
(3,186,764)
(16,256,736)
67,140
471,568
28,475
(14,033,690)
(13,038,771)
427,736
2007
RM
96,875
19,608,132
Total Reserves and Liabilities
995,267
18,102,564
Other payables and accruals
Current Liabilities
Government grants
Non Current Liabilities
14,480,137
808,454
12,985,604
686,079
NET (DEFICIT)/SURPLUS OF INCOME FOR THE YEAR
14
510,301
TAXATION
Accumulated reserves
Reserves
(175,778)
-
(175,778)
(6,706,006)
GENERAL AND OTHER EXPENSES
(17,029,211)
57,877
(1,306,364)
12
24,399,940
407,986
(271,824)
679,810
RM
2008
ADVERTISING AND MARKETING EXPENSES
ADMINISTRATIVE EXPENSES
OTHER INCOME
11
13
14,480,137
9,556,706
10,016,073
19,608,132
9,105,219
-
354,612
6,426,961
3,000,000
466,137
122,975
INCOME FROM GRANTS
SURPLUS OF INCOME BEFORE TAXATION
9
8
7
482,792
4,923,431
1,230,806
9,592,059
4,440,639
10
Note
RESERVES AND LIABILITIES
Total Assets
Cash and bank balances
Short term deposits with licensed banks
Other receivables
Trade receivables
Current Assets
6
Intangible assets
8,361,253
COST OF SERVICES RENDERED
5
Non Current Assets
Property, plant and equipment
REVENUE
RM
2007
ASSETS
RM
2008
FOR THE YEAR ENDED 31ST DECEMBER, 2008
AS AT 31ST DECEMBER, 2008
Note
INCOME STATEMENT
BALANCE SHEET
427,736
-
427,736
(3,461,641)
(434,407)
(9,855,822)
30,906
14,033,690
115,010
(281,820)
396,830
RM
2007
(Appointed on 11th May, 2009)
(Resigned on 29th August, 2008)
(Resigned on 23rd June, 2008)
(Chairman) (Appointed on 13th November, 2008)
any contingent liability of the Company which has arisen since the end of the financial year.
(b)
The auditors, Azman, Wong, Salleh & Co., have expressed their willingness to continue in office.
In accordance with a resolution of the Board of Directors dated 10th June, 2009.
Before the income statement and balance sheet were made out, the Directors took reasonable steps:
to ascertain that action had been taken in relation to the writing off of bad debts and the making of
allowance for doubtful debts and have satisfied themselves that all known bad debts had been written
off and that adequate allowance had been made for doubtful debts; and
to ensure that any current assets, other than debts, which were unlikely to realise in the ordinary
course of business their values as shown in the accounting records of the Company had been written
down to an amount which they might be expected so to realise.
(a)
(b)
which would render the values attributed to current assets in the financial statements of the Company
misleading; or
which have arisen which render adherence to the existing method of valuation of assets or liabilities
of the Company misleading or inappropriate.
(b)
(c)
which would render the amounts written off for bad debts or the amount of the allowance for
doubtful debts in the financial statements of the Company inadequate to any substantial extent; or
(a)
Kuala Lumpur,
Date: 10th June, 2009
LT COL HUSIN BIN JAZRI (RETIRED)
AUDITORS
OTHER STATUTORY INFORMATION
At the date of this report, the Directors are not aware of any circumstances:
there has not arisen in the interval between the end of the financial year and the date of this report
any item, transaction or event of a material and unusual nature likely to substantially affect the results
of the operations of the Company for the financial year in which this report is made.
(b)
Neither during nor at the end of the financial year was the Company a party to any arrangements whose
object was to enable the Directors to acquire benefits by means of the acquisition of shares in or debentures
of the Company or any other body corporate.
DATO’ ABDUL HANAN BIN ALANG ENDUT
the results of the Company's operations during the financial year were not substantially affected by
any item, transaction or event of a material and unusual nature; and
In the opinion of the Directors:
At the date of this report, the Directors are not aware of any circumstances not otherwise dealt with in this
report or the financial statements which would render any amount stated in the financial statements
misleading.
any charge on the assets of the Company which has arisen since the end of the financial year which
secures the liability of any other person; or
(a)
At the date of this report, there does not exist:
No contingent or other liability has become enforceable or is likely to become enforceable within the
period of twelve months after the end of the financial year which, in the opinion of the Directors, will or
may substantially affect the ability of the Company to meet its obligations as and when they fall due.
(a)
DIRECTORS BENEFIT
Since the end of the last financial year, no Director of the Company has received or become entitled to
receive any benefit (other than a benefit included in the aggregate amount of emoluments received or due
and receivable by the Directors shown in the financial statements, or the fixed salary of a full time
employee of the Company) by reason of a contract made by the Company or a related corporation with
the Director or with a firm of which the Director is a member, or with a company in which the Director
has a substantial financial interest.
DIRECTORS OF THE COMPANY
The Directors in office since the date of last Directors' Report are:-
Dato' Abdul Hanan bin Alang Endut
Lt Col Husin Bin Jazri (Retired)
Rubaiah bte Hashim
Ir Md Shah Nuri Md Zain
Datuk Abang Abdul Wahap bin Abg Julai
Datuk Alihan bin Hj A Hamid
Tuan Haji Hanaffi bin Ahmad
Registered Office
Level 7, Sapura@Mines
No. 7 Jalan Tasik
The Mines Resort City
43300 Seri Kembangan
Selangor
Administrative and Correspondence Address
Level 7, Sapura@Mines
No. 7 Jalan Tasik
The Mines Resort City
43300 Seri Kembangan
Selangor
Company Secretary
Jailany bin Jaafar
Auditors
Azman, Wong, Salleh & Co.
(AF: 0012)
Chartered Accountants
Functional and Presentation Currency
Ringgit Malaysia (RM)
RESULTS
Net deficit of income for the year: RM175,778
RESERVES AND PROVISIONS
There were no material transfers to or from reserves or provisions during the year ended 31st December,
2008.
LIMITED LIABILITY
The Company was incorporated under the Companies Act, 1965 on 14th March, 2006 as a company
limited by guarantee, not having a share capital and not for profit. Currently, the Company has 2 members.
In the event that the Company is wound up, a member or a person who was a member twelve months
prior to that event is liable to contribute to the assets of the Company a sum not exceeding Ringgit
Malaysia One Hundred (RM100).
PRINCIPAL ACTIVITY
At a Cabinet meeting held on 28th September, 2005, it was agreed that CyberSecurity Malaysia be formed
as a Company limited by Guarantee (“CLG”) which shall be fully funded by the Government of Malaysia
to take over the NISER division of MIMOS Berhad. The takeover of the NISER division was implemented via
transfer of all relevant assets, liabilities, rights, obligations, employees and operations with effect from 9th
May, 2006.
The principal activities of the Company are the provision of Cyber National Security Services namely
Computer Emergency services, Security Quality Management services, Cyber Threats and Policy Research
services and Training and Outreach services.
There have been no significant changes in this activity during the year.
CORPORATE INFORMATION
Board of Directors
Dato' Abdul Hanan bin Alang Endut (Chairman)
Lt Col Husin Bin Jazri (Retired)
Rubaiah bte Hashim
Ir Md Shah Nuri Md Zain
Datuk Abang Abdul Wahap bin Abg Julai
DIRECTORS' REPORT
The Directors have pleasure in submitting their report and the audited financial statements of the Company
for the year ended 31st December, 2008.
CYBERSECURITY MALAYSIA
(Company Limited By Guarantee)
STATUTORY FINANCIAL STATEMENTS
For The Year Ended 31st December 2008
14 September
CyberSecurity Malaysia was called upon to take part in a digital forensic investigation
conducted by the Companies Commission of Malaysia (SSM)
22 August
SIRIM – Industry Awards Ceremony 2008, at Sunway Resort Hotel & SPA,
Petaling Jaya
16 - 26 September
A customer satisfaction survey was carried out to obtain feedback on the performance
of the services provided by CyberSecurity Malaysia.
13 September
The CISSP and SSCP examinations were held at Universiti Tenaga Nasional
(UNITEN), Bangi, Selangor.
14 - 17 August
Internet Awareness Exhibition at the Science, Technology and Innovation Week (MISTI)
Sabah 2008
26 August
Visit to the Institute of Strategic and International Studies (ISIS) Malaysia
10 September
A talk entitled 'Current ICT Security Threats' was delivered at the Ministry of Defence
to 210 of the organisation's staff.
09 September
This Cyber Security Awareness Seminar was held in conjunction with a visit from
Institut Perguruan Bahasa Melayu Malaysia to CyberSecurity Malaysia.
SEPTEMBER 2008
___________________________________
28 August 2008
CyberSecurity Malaysia Staff Recreation Day
25 – 27 August
Technical Training for Bank Negara Malaysia - Network Security, Mobile
Banking & Wireless Security, held at the Training Room, CyberSecurity Malaysia
National Cyber Crisis Management Plan
a. 19 August : The plan's Oversight Committee Meeting was held at the
National Operations Management Centre, MKN, Putrajaya.
b. 25 August : Steering Committee Meeting
21 - 23 August
Meeting and workshop for the Operations Task Force (PPO) no. 4/2008 (series 9)
to discuss ways of combating websites and blogs that violate the country's laws, at
Nexus Resort Karambunai, Kota Kinabalu, Sabah.
18 - 21 August
Digital Forensics Awareness Talk, at Universiti Utara Malaysia, Sintok, Kedah.
4 - 8 and 11 - 13 August
CISSP & SSCP Seminar, held at the Training Room, CyberSecurity Malaysia.
11 August
Technical Committee Meeting for the Study on Weaknesses & Gaps in
Malaysian Laws in Facing the Challenges of the Cyber Environment
1 – 3 August
Took part in the MOSTI exhibition, Sarawak Regatta
AUGUST 2008
___________________________________
July
Contributed to the success of ASEAN Science & Technology Week
Activities Throughout 2008
6 – 10 October
CyberSecurity Malaysia represented Malaysia and was an active member of
the ISO/IEC SC27 Working Group in Cyprus.
OCTOBER 2008
___________________________________
26 September
We organised the School Cyber Safe Programme seminar, held at the
Hulu Langat District Education Department, Selangor.
19 - 25 September
We attended the 9th International Common Criteria Conference, Common Criteria Executive
Subcommittee (CCES) and Common Criteria Management Committee (CCMC)
Meetings organised by the IT Security Certification Center (ITSCC), the
South Korean Certification Body.
19 September
CyberSecurity Malaysia assisted the Ministry of Domestic Trade and
Consumer Affairs (KPDNHEP) in carrying out a digital forensic investigation
on an online sales services company in Puchong.
19 September
CyberSecurity Malaysia began a community project with a visit to the
Bait Al-Amin home for orphans and the poor, Parit, Perak.
18 September
CyberSecurity Malaysia took part in the "Network Security Awareness" programme
organised by Politeknik Seberang Perai, Pulau Pinang.
15 September
An exhibition organised by MOSTI and IBM, in which we also took part,
was held at One World Hotel, Bandar Utama, Kuala Lumpur.
3 - 7 November
The ISO 27001:2005 - Information Security Management System IRCA
Registered Lead Auditor Course, attended by officers from
CyberSecurity Malaysia, was held at the Training Room, BSI Management
Systems Malaysia Sdn Bhd, Kuala Lumpur.
NOVEMBER 2008
___________________________________
28 – 29 October
A Professional Talk session by Dr Bradley Jensen was organised by the Center for
Advance Software Engineering University Technology Malaysia (CASE UTM) and
Microsoft Corporation.
Cyber Security Awareness Programme
a. 13 October : provided Science & Technology Management Training for
Researchers from the OIC member countries, at Legend Hotel
b. 15 October : CyberSecurity Malaysia was invited to give an Information
Security Management System (ISMS) awareness briefing and to share its
experience of ISO/IEC 27001:2005 implementation and certification
activities with the employees of Agency Remote Sensing Malaysia.
c. 28 – 29 October : CyberSecurity Malaysia was invited by the Sri
Lanka Computer Emergency Response Team (SLCERT) to provide
hands-on Penetration Testing training in conjunction with
Sri Lanka's Cyber Security week.
22 - 24 October
CyberSecurity Malaysia took part in The Meridien 2008 Conference in Singapore,
themed “Meridian Connecting and Protecting”
16 October
CyberSecurity Malaysia Staff Hari Raya Celebration
27 – 28 November
ICT4ALL FORUM TUNIS + 3 Exhibition in Hammamet, Tunisia
25 – 27 November
A talk on Information Protection Security Management was held
at the Prime Minister's Department Complex, Putrajaya.
27 Nov
CyberSecurity Malaysia Staff Bowling Tournament
25 November
CyberSecurity Malaysia was invited to give a talk on Digital Forensics
to the Fisheries Department, Sungai Petani.
12 – 13 November
This two-day Cyber Awareness Course was held at CyberSecurity Malaysia.
24 November 2008
The Chief Secretary to the Government (KSN), Y.Bhg Tan Sri Mohd. Sidek bin Hj Hassan,
visited CyberSecurity Malaysia for the first time. The visit was also attended by the
Secretary General of MOSTI, the Director General of MAMPU and
senior officers from MAMPU.
12 - 15 November
CyberSecurity Malaysia took part in the MISTI-MOSTI exhibition held in Perlis.
10 - 25 November 2008
The first Professional Critical Infrastructure Protection (PCIP)
Certification Programme in Malaysia
3 – 7 November
Computer Forensics Training Programme, a comprehensive programme jointly organised
by Bank Negara Malaysia and CyberSecurity Malaysia.
25 December
CyberSecurity Malaysia was invited to be a member of the Economic Research
Institute for ASEAN and East Asia (ERIA) project Working Group.
It is also joined by Singapore, Thailand, South Korea, Vietnam, China
and Japan.
18 – 19 December
The Security Management & Best Practices Department of CyberSecurity Malaysia
carried out an Information Security Management System (ISMS) awareness test
for CyberSecurity Malaysia staff.
18 December
CyberSecurity Malaysia was invited to conduct a Computer Security Awareness
Programme organised by Bank Pembangunan Malaysia Berhad.
15 – 16 December
CyberSecurity Malaysia organised the ”CyberSAFE in Schools” Module
Development Workshop, attended by 25 primary and secondary school teachers
from the Hulu Langat District Education Department.
9 – 14 December
CyberSecurity Malaysia took part in the High Technology Crime
Investigation Association (HTCIA) Asia Pacific conference at the
Hong Kong University.
12 December
A total of 14 organisations from 13 member countries of the Asia Pacific Computer
Emergency Response Team (APCERT) took part in this year's
cyber emergency drill.
DECEMBER 2008
___________________________________
28 November
We conducted a Digital Forensics talk organised by the Companies Commission of
Malaysia.
17 April
National Cyber Management Plan (NCCMP) Campaign
16 April 2008.
Working visit by International Government Officials to CyberSecurity
Malaysia
14 - 18 April
Meeting of the Technical Committee on Information Technology – Security
Techniques (ISO/IEC/ JTC1/SC27)
3 April
National Certification Body for the ICT Security Evaluation and Certification
Scheme Based on MS-ISO / IEC 15408
1 - 2 April
OIC-CERT Task Force Meeting and Conference in Tunisia
APRIL 2008
___________________________________
22 March – 19 April
Training in data recovery and hard disk repair techniques at Myung Institute of
Technology, Korea.
16 - 18 March
Raid Training organised by the Ministry of Domestic Trade and Consumer Affairs
(KPDNHEP) on digital forensic procedures, in Sungai Petani, Kedah.
d. Presented a report on the Development of the Common Criteria Scheme
in Malaysia, the Activities to develop the Malaysia Vulnerability
Assessment Centre and the Development of the Web Application and
Secure Coding Programme during the ICT Product and Services
Security Workshop at the APECTEL conference in Tokyo on 24 March 2008
May
Presentation of reports / working papers and attendance at Cyber Security
Discussions
a. The External Review Workshop was held on 7 May 2008 at Palace
of Golden Horses, Kuala Lumpur.
b. On 6 – 11 May 2008, CyberSecurity Malaysia officers attended the
Mobile Forensics World 2008 Conference at Purdue University, Chicago,
29 May
National Cyber Security Policy Meeting for Policy Thrust 2: Legislative
& Regulatory Framework, Putrajaya International Convention Centre,
Putrajaya.
20 – 22 May
INFOSEC.my Programme. The cyber security-based programme, CEOs,
was officiated by the Deputy Minister of Science, Technology and Innovation,
Y.B. Tuan Hj Fadillah Yusof. These programmes were held at Hotel J.W.
Marriot, Kuala Lumpur.
6 May
Development of the National-Level Business Continuity Management
Standard
MAY 2008
___________________________________
5 June 2008
The Deputy Minister of MOSTI received a briefing on CyberSecurity Malaysia's
Digital Forensics
JUNE 2008
___________________________________
27 May
Visit by 20 public prosecutors from a course at the Judicial and Legal
Training Institute (ILKAP).
24 May - 22 June
DATA RECOVERY TRAINING
Data Recovery training was held at Myung Information Technologies (MIT),
Korea
23 - 31 May
Exhibition in conjunction with the Pesta Kaamatan celebrations in Kota Marudu,
Sabah on 23 – 25 May and in Panampang on 30 & 31 May 2008.
22 May
Courtesy visit by Mr Saisana Prathoumvan, Mr Syyang Chertoi and
Mr Khampouy Outhaphone from the National Authority of Posts and
Telecommunication, Laos, and Mr Abdul Rahman A. Al-Friah from the
Communications and IT Commission (CITC), Saudi Arabia.
16 May
Courtesy visit by Mr Belhassen Zouari from National Security for
Computer Security, Tunisia, Dr. Seyed Jalal Sadatian from Boshra Strategic
Management Group, Iran, and Mr Hassan Rajbari from the Embassy of Iran.
22-23 April
Working Visit to the Information-Technology Promotion Agency (IPA),
JAPAN
24 April
First Visit by the Minister of Science, Technology and Innovation to
CyberSecurity Malaysia
c. Conducted “Credit Card Fraud Investigation” training for the
Maldives Police force on 10 - 12 May 2008.
18 April
Roundtable meeting of Chief Information Officers for the critical
national information infrastructure (CNII CIO Roundtable)
Activities Throughout 2008
23 June
Meeting with Microsoft, Seattle, Washington, USA
19 June
Organised the ICTL Programme Exposure and Coordination Workshop for
Secondary Schools, at the Hulu Langat Education Office.
18 June
Visit from the Royal Police College (Maktab Polis Di Raja),
Kuala Kubu Baharu.
13 June
Technical Committee Meeting No. 1/2008 at the Putrajaya International
Convention Centre.
12 - 13 June
Attended the Asia-Pacific Trustmark Alliance Seminar in Hanoi, Vietnam.
12 June
Development of the National-Level Business Continuity Management (BCM)
Standard.
11 June
National Cyber Crisis Management Plan (NCCMP) Meeting, at Hotel Palace
of the Golden Horses, Kuala Lumpur.
9 - 12 June
International Cryptology Workshop and Conference 2008 (Cryptology 2008),
held at Putra World Trade Centre (PWTC)
9 – 11 June
Attended the ISS World Asia Pacific Seminar in Singapore entitled Intelligence
Support Systems for Lawful Interception, Criminal Investigations and Intelligence
Gathering.
6 June
Study on Weaknesses & Gaps in Malaysian Laws in Facing the Challenges of the
Cyber Environment
Internet Security Training and Awareness
a. 4 July 2008 : Meeting of School Computer Laboratory Coordinators –
Hulu Langat District Schools
b. 8 July : “Cyber Security” Exhibition and “Cyber Security
Awareness” Talk in conjunction with the Resource Centre Week of
Sekolah Menengah Taman Jasmin 2, Kajang Selangor
8 - 11 July
ISO/IEC 27001:2005 Certification: Stage 2 Audit
JULY 2008
___________________________________
28 - 29 June
National Computer Security and Incident Response Team (NCSIRT)
Meeting 2008
26 - 27 June
International Conference of Digital Evidence 2008: “Digital Forensics in
Malaysia” at the International Conference of Digital Evidence 2008, held at
Vintners Hall, London, United Kingdom.
26 - 27 June
APEC Seminar “Protection of Cyberspace From Terrorist Use And Attacks”
organised by the Ministry of Foreign Affairs and Trade of South Korea,
held in Seoul, South Korea.
26 June
Discussion session on Regulatory / Enforcement, Technical and Policy Issues,
held at the Putrajaya International Convention Centre.
25 June
Attended the FIRST Annual Conference
and AGM 2008 in Vancouver, Canada
24 June
Network Monitoring SIG Meeting
National Cyber Crisis Management Plan
a. 7 July : ‘Desktop Walkthrough’ Workshop on National Cyber Crisis
management Response, Communication and Coordination Procedures
b. 21 July : Drill Briefing held at the MKN Conference Hall, Putrajaya.
c. 24 July : Cyber Crisis Drill 2008 (X-Maya)
28 July
Technical IT Security Seminar, organised by the Faculty of Engineering,
Universiti Malaya; discussed two main topics.
i. Web Habits & Hacker-Defence
ii. Wireless Penetration Testing Toolkit
for Practical Security Professionals
21 July - 2 August
Fifth working visit by the consultant for the MyCC development project.
17 - 18 July
“Regional Asia Information Security Exchange (RAISE) Forum” Meeting at
Hotel Istana, Kuala Lumpur
17 July
Briefing with the Deputy Minister of MOSTI in conjunction with RAISE
Forum 2008, at Hotel Istana Kuala Lumpur.
17 July
Information Security Standards Seminar, at Hotel Istana Kuala Lumpur.
16 July
Collaboration Programme : Energy Commission and CyberSecurity Malaysia –
SCADA/DCS Cyber Security Workshop held at Hotel JW Marriot,
Kuala Lumpur.
c. 14 - 15 July : Security Awareness Course, held at the CyberSecurity Malaysia
Training Laboratory.
9 – 14 December
CyberSecurity Malaysia participated
in the High Technology Crime
Investigation Association (HTCIA)
Asia Pacific Conference at the Hong
Kong University.
DECEMBER 2008
___________________________________
15 – 16 December
CyberSecurity Malaysia conducted
CyberSAFE in Schools module
development workshop which was
attended by 25 teachers from primary
and secondary schools within the Hulu
Langat District Education Department.
12 December
Fourteen organisations from 13 member
countries of the Asia Pacific Computer
Emergency Response Team (APCERT)
took part in the Cyber Emergency Drill
conducted during the year.
25 December
CyberSecurity Malaysia was invited to
be a member in the Economic Research
Institute for ASEAN and East Asia (ERIA)
project Working Group. The
membership consists of Singapore,
Thailand, South Korea, Vietnam, China
and Japan.
18 - 19 December
Security Management & Best Practices
Department of CyberSecurity Malaysia
carried out Information Security
Management System (ISMS) awareness
test for CyberSecurity Malaysia
employees
18 December
CyberSecurity Malaysia was invited to
conduct a Computer Security Awareness
Programme organised by Bank
Pembangunan Malaysia Berhad.
24 November
Secretary General, Y.Bhg Tan Sri Mohd. Sidek bin Hj Hassan visited CyberSecurity Malaysia for the first time. He was
accompanied by Secretary General of MOSTI, Director General of MAMPU as well as senior officers from MAMPU.
Activities Throughout 2008
28 - 29 February
National Cyber Security Policy (NCSP) Action Plan Workshop
at Miri Marriott Resort & Spa
FEBRUARY 2008
___________________________________
28 January
Thrust leaders' meeting in preparation for the National Cyber Security Policy
(NCSP) Action Plan Workshop
Presentation of reports/working papers and organisation of cyber security
seminar/certification programmes
a. Attended the Forensics Speaker Identification Lab, Agnition S.L in
Madrid, Spain, from 8 January 2008 to 12 January 2008.
b. Presented the research paper Internet & Computer Related
Offences : The Malaysian Perspective at the Niseko Conference: Internet Law
for Professional held in Niseko, Hokkaido, Japan on 14 –
17 January 2008.
c. Attended The Fourth Annual IFIP WG 11.9 International Conference
on Digital Forensics on 27 - 31 January 2008 in Kyoto, Japan.
25 January
Proposal to establish Computer Emergency Response Team (CERT) cooperation
among the countries of the Organisation of the Islamic Conference (OIC),
together with the Ministry of Foreign Affairs
15 January
Discussion on the National Cyber Crisis Management Plan (NCCMP)
JANUARY 2008
___________________________________
Throughout February
Presented reports/working papers and organised cyber security
seminar/certification programmes
a. CyberSecurity Malaysia, in collaboration with the National Security
Council (MKN), organised a briefing on initiatives to protect the
Critical National Information Infrastructure (CNII) and an early
introduction to the National Cyber Security Policy (NCSP) for the
CNII sector leads on 12 February 2008 and 25 February 2008.
b. Visited Shell Refining Co. (SRC) in Port Dickson, Negeri Sembilan on
13 February 2008 to study the operations and information security
systems in use.
c. Organised a Technical Writing workshop at Palace of Golden Horses
on 27-28 February 2008.
d. Conducted the CISSP & SSCP Professional Examinations on 23 February
2008.
e. Organised the talk Security Landscape in Malaysia on 20
February 2008.
f. Took part in the Science, Technology and Education Village Programme at
Dewan Tun Razak, Baling Kedah on 13-17 February 2008.
25 - 26 February
Attended the first 2008 Business Dialogue on Electronic Commerce
(GBDE) Business Steering Committee (BSC) Meeting
18 - 20 February
ITU Regional Cybersecurity Forum in Doha, Qatar.
14 - 15 February
CyberSecurity Malaysia attended the first Asian Common Criteria Scheme
Owner meeting at the Security Certification Center, Seoul, South Korea.
Activities Throughout 2008
69
Presented reports/working papers and organised cyber security seminar/certification
programmes
a. Presented a working paper titled E-Government Implementation: Security Challenges
and Issues at UiTM, Shah Alam on 12 March 2008 as part of efforts to raise awareness
of Information Security.
b. Organised a Wireless Security Workshop in conjunction with the Internet Convergence
Conference and Exhibition 2008 (ICCE 2008) at Sheraton Subang Jaya for Chief
Information Security Officers, IT Security Managers and Network
Managers/Administrators on 13 March 2008.
c. Presented a working paper on Computer Forensics: Challenges and Opportunities at:
• UiTM Shah Alam on 14 March 2008;
• UiTM Ipoh on 19 March 2008;
• HELP University College on 26 March 2008
Throughout March
National Cyber Crisis Management Plan (NCCMP) campaign
10-12 March
Annual General Meeting and Conference of the Asia Pacific Computer Emergency Response
Team (APCERT) - at the Intercontinental Grand Stanford, Hong Kong
MARCH 2008
___________________________________
g. Participated in MOHEX 2008 at the Mid Valley Exhibition Centre on 23-24 February
2008.
6 – 10 October
CyberSecurity Malaysia represented
Malaysia and was an active member of
the ISO/IEC SC27 Working Group in
Cyprus
OCTOBER 2008
___________________________________
26 September
We organised the School Cyber Safe
Programme seminar held at the Hulu
Langat Education Department
19 – 25 September
We participated at the 9th International
Common Criteria Conference, Common
Criteria Executive Sub-Committee (CCES)
and Common Criteria Management
Committee (CCMC) Meetings organised
by the IT Security Certification Centre
(ITSCC), a South Korean Certification
Body
19 September
CyberSecurity Malaysia rendered its
assistance to the Ministry of Domestic
Trade and Consumer Affairs to conduct a
digital forensics investigation on an
online sale company in Puchong
19 September
CyberSecurity Malaysia initiated a
community project by organising a
visit to Rumah Anak-anak Yatim dan
Warga Miskin Bait Al-Amin, Parit,
Perak
18 September
CyberSecurity Malaysia participated in
the ‘Network Security Awareness’
programme organised by Politeknik
Seberang Perai, Pulau Pinang
28 – 29 October
A Professional Talk session by Dr
Bradley Jensen, organised by the Centre
for Advance Software Engineering
University Technology Malaysia (CASE
UTM) and Microsoft Corporation
22 – 24 October
CyberSecurity Malaysia participated in
the Meridien 2008 Conference in
Singapore, themed ‘Meridien Connecting
and Protecting’
15 October
CyberSecurity Malaysia was invited to
give a briefing on Information Security
Management System (ISMS) awareness
and share its experience in ISO/IEC
27001:2005 implementation and
certification with the employees of
Agency Remote Sensing Malaysia.
13 October
Provided Science and Technology
Management Training for researchers of
OIC member countries held at the
Legend Hotel
16 October
Staff Hari Raya Celebration
3 – 7 November
Staff of CyberSecurity Malaysia attended
the ISO 27001:2005 – Information
Security Management System IRCA
Registered Lead Auditor Course which
was held at the Training Room of BSI
Management Systems Malaysia Sdn Bhd,
Kuala Lumpur
NOVEMBER 2008
___________________________________
28 – 29 October
CyberSecurity Malaysia was invited by
the Sri Lankan Computer Emergency
Response Team (SLCERT) to provide
technical training on Penetration
Testing in conjunction with the Sri
Lankan Cyber Security Week
27– 28 November
FORUM ICT4ALL TUNIS + 3
Exhibition in Hammamet, Tunisia
28 November
We delivered a talk on Digital Forensics
organised by the Companies
Commission of Malaysia (CCM).
27 November
A visit by teachers from schools under
the Hulu Langat District Education
Department to CyberSecurity Malaysia.
25 – 27 November
A talk on Information Protection Security
Management was held at the Prime
Minister’s Department Complex,
Putrajaya.
25 November
CyberSecurity Malaysia was invited to
deliver a talk on Digital Forensics to the
Fishery Department, Sungai Petani,
Kedah.
12 – 13 November
A two-day Cyber Security Awareness
course was held at CyberSecurity
Malaysia.
3 – 7 November
Computer Forensics Training
Programme, a comprehensive
programme co-organised by Bank
Negara Malaysia and CyberSecurity
Malaysia.
27 November
Staff Bowling Competition
10 - 25 November
The first Professional Critical
Infrastructure Protection (PCIP)
certification programme in Malaysia
12 -15 November
CyberSecurity Malaysia participated
in the MISTI-MOSTI exhibition in
Perlis.
8 July
Cyber Security exhibition and Cyber
Security Awareness talk in
conjunction with the Resource Centre
Week of Sekolah Menengah Taman
Jasmin 2, Kajang, Selangor
7 July
‘Desktop Walkthrough’ workshop:
Response Procedures, Communication
and Coordination and National Cyber
Crisis Management
4 July
School Computer Lab Coordination
Meeting – for schools within Hulu
Langat District
July
a. Participated in the ASEAN Science &
Technology Week
b. Security Awareness course was held
at CyberSecurity Malaysia’s Training
Lab
JULY 2008
___________________________________
AUGUST 2008
___________________________________
28 July
Technical IT Security seminar organised
by the Engineering Faculty of University
of Malaya discussed two major topics:
i. Web Habits & Hacker-Defence
ii. Wireless Penetration Testing Tool Kit
for Practical Security Professionals
24 July
Practical training for Cyber Crisis
2008 (X-Maya)
21 July – 2 August
The fifth consultant working visit for
MyCC development project
21 July
Practical training briefing was held at the
Putrajaya MKN Convention Hall
17 – 18 July
The Regional Asia Information Security
Exchange (RAISE) Meeting was
conducted at Hotel Istana, Kuala Lumpur
1 – 3 August
Took part in the MOSTI Exhibition Regatta, Sarawak
17 July
Information Security Standard seminar
was held at Hotel Istana, Kuala Lumpur
16 July
The Energy Commission and
CyberSecurity Malaysia conducted
a collaborative programme –
Cyber Security SCADA/DCS workshop
at the J.W. Marriot Hotel,
Kuala Lumpur
8 – 11 July
ISO/IEC 27001:2005 Certification:
Second Level Audit
17 July
A briefing session with the Deputy Minister of MOSTI was held in conjunction
with the RAISE Forum 2008, at Hotel Istana, Kuala Lumpur
25 – 27 August
Technical training for Bank Negara
Malaysia – Network Security, Mobile
Banking & Wireless Security was held at
the Training Room of CyberSecurity
Malaysia
26 August
A visit to the Institute of Strategic and
International Studies (ISIS) Malaysia
21 – 23 August
Meeting and workshop for Operations
Task Force (OTF) No. 4/2008 (9th series),
which discussed methods of curbing
websites and blogs contravening the nation’s
laws, was held at Nexus Resort
Karambunai, Kota Kinabalu
18 - 25 August
The National Cyber Crisis Management
Plan
a. 18 August: Plan Monitoring
Committee meeting was held at the
Operations Management Centre,
MKN, Putrajaya
b. 25 August: Steering Committee
Meeting
18 – 21 August
We conducted a talk on Digital
Forensics Awareness at Universiti Utara
Malaysia, Sintok, Kedah
14 – 17 August
We took part in the Internet Awareness
exhibition in conjunction with the Sabah
Science, Technology and Innovation
Week (MISTI) 2008
11 August
Technical Committee Meeting to study
Weaknesses and Vacuums of Malaysian
Laws in Addressing Challenges in Cyber
Space
4 - 8 & 11 - 13 August
The CISSP & SSCP seminars were held
at the Training Room of
CyberSecurity Malaysia
10 September
A talk entitled ‘Current ICT Security
Threats’ was delivered at the Defence
Ministry for 210 of its staff
9 September
A seminar on Cyber Security Awareness
was held in conjunction with the visit by
a delegation from Institut Perguruan
Bahasa Melayu Malaysia to
CyberSecurity Malaysia
SEPTEMBER 2008
___________________________________
28 August
CyberSecurity Malaysia Personnel
Recreational Day
16 – 26 September
A Customer Satisfaction Study was
conducted to solicit feedback on the service
performance provided by CyberSecurity
Malaysia
15 September
An exhibition organised by MOSTI
and IBM, in which we were one of
the participants, was held at One
World Hotel, Bandar Utama, Kuala
Lumpur
14 September
CyberSecurity Malaysia was called to
assist in a digital forensics investigation
conducted by the Companies
Commission of Malaysia (SSM)
13 September
CISSP and SSCP examinations were held
at Universiti Tenaga Nasional (UNITEN),
Bangi, Selangor
22 August
SIRIM-Industry Awards 2008 presentation
ceremony at Sunway Resort Hotel &
Spa, Petaling Jaya
16 May
Courtesy visits by Mr Belhassen Zouri
from the National Security for Computer
Security, Tunisia, Dr Seyed Jalal Sadatian
from the Boshra Strategic Management
Group, Iran and Mr Hassan Rajbari from
the Iranian Embassy
6 May
Business Continuity Management
Standard Development at national level
May
Presented reports/working papers and
organised cyber seminar programmes/
security certifications
a. The External Review workshop was
held on 7 May 2008 at the Palace of
Golden Horses, Kuala Lumpur
b. From 6 to 11 May, officials from
CyberSecurity Malaysia attended the
Mobile Forensics World Conference
2008 at the Purdue University,
Chicago
c. Conducted “Credit Card Fraud
Investigation” training for Maldives
Police Force from 10 to 12 May
MAY 2008
___________________________________
22-23 April
A working visit to the Information
Technology Promotion Agency (IPA),
Japan
16 April
Working visit by foreign government
officers to CyberSecurity Malaysia
29 May
The National Cyber Security Policies
Meeting for Policy Thrust 2: Legislative
and Regulatory Framework was held at
the Putrajaya International Convention
Centre, Putrajaya
22 May
Courtesy visits by Mr Saisana
Prathoumvan, Mr Syyang Chertoi, and
Mr Khampouy Outhaphone from the
National Authority of Posts and
Telecommunication, Laos and Mr Abdul
Rahman A. Al-Friah from the
Communication and IT Commission
(CITC), Saudi Arabia
25 May - 22 June
Data Recovery Forensics training at
the Myung Institute of Technology
(MIT), Seoul, Korea
23 - 31 May
Participated in an exhibition in
conjunction with the Keamatan
Festival in Kota Marudu and
Penampang, Sabah.
27 May
A visit by 20 public prosecutors who
attended a course at Institut Latihan
Kehakiman dan Perundangan (ILKAP)
20 – 22 May
The INFOSEC.my, a cyber security based programme for CEOs was officially
launched by the Science, Technology and Innovation Deputy Minister, Tuan Hj
Fadillah Yusof, at the J.W. Marriot Hotel in Kuala Lumpur
12 – 13 June
Attended the Asia Pacific Trustmark
Alliance held in Hanoi, Vietnam
12 June
Business Continuity Management (BCM)
standard development at national level
11 June
The National Cyber Crisis Management
Plan (NCCMP) was held at the Palace of
Golden Horses, Kuala Lumpur
9-12 June
International Cryptology Workshop
and Conference 2008 (Cryptology
2008) was held at the Putra World
Trade Centre (PWTC)
9 – 11 June
Attended the ISS World Asia Pacific
seminar entitled Intelligence Support
Systems for Lawful Interception, Criminal
Investigations and Intelligence Gathering
which was held in Singapore
6 June
A review on Weaknesses & Vacuums in
Malaysian Laws in Addressing
Challenges in the Cyber Space
5 June
The Deputy Minister of Science,
Technology and Innovation made an
official visit to CyberSecurity Malaysia
JUNE 2008
___________________________________
28 - 29 June
The National Computer Security and
Incident Response Team (NCSIRT)
26 - 27 June
An APEC seminar on “Protection of
Cyberspace from Terrorist Use and
Attacks” organised by the Ministry of
Foreign Affairs and the South Korean
Trades was held in Seoul, South Korea
26 June
A discussion session on Regulatory/
Enforcement, Technical, and Policy
Issues was held at the Putrajaya
International Convention Centre
26 - 27 June
Presented a working paper entitled “Forensics Digital in Malaysia” at the
International Conference of Digital Evidence 2008 at Vinters Hall, London, United
Kingdom
25 June
Attended the FIRST Annual Conference
and AGM 2008 in Vancouver, Canada
24 June
A meeting was held with Network
Monitoring SIG
23 June
A meeting was held with Microsoft
Corporation in Seattle, Washington, USA
19 June
Conducted ICT Programme Exposure
and Coordination workshop for
Secondary Schools within the Hulu
Langat Education Office
18 June
A visit by trainees from Maktab Polis
DiRaja, Kuala Kubu Baru
13 June
Technical Committee Meeting No. 1/2008 was held at the Putrajaya
International Centre
February
Presented reports/working papers and
organised cyber seminar programmes/
security certifications
a. In collaboration with the National
Security Council (NSC),
CyberSecurity Malaysia organised a
briefing session on Critical National
14 – 15 February
CyberSecurity Malaysia attended the first
Meeting of the Asian Common Criteria
Scheme Owner which was held at the
Security Certificate Centre, Seoul, South
Korea
FEBRUARY 2008
___________________________________
28 January
Core Leaders Meeting in preparation for
the Cyber Security Policies Action Plan
Workshop (NCSP)
25 January
Proposal to jointly establish a Computer
Emergency Response Team (CERT)
between member countries of the
Organisation of Islamic Conference
(OIC) and the Foreign Affairs Ministry
15 January
Official launching of the National Cyber
Crisis Management Plan (NCCMP)
Presented reports/working papers and
organised cyber seminar programmes/
security certifications
a. Attended the Forensics Speaker
Identification Lab, Agnition S.L in
Madrid, Spain from 8 to 12 January,
2008
b. Presented a study paper on Internet
& Computer Related Offences: the
Malaysian Perspective, at the Niseko
Conference: Internet Law for
Professionals held in Niseko,
Hokkaido, Japan from 14 to 17
January, 2008
c. Attended the Fourth Annual IFIP WG
11.9 International Conference on
Digital Forensics from 27 to 31
January, 2008, in Kyoto, Japan
JANUARY 2008
___________________________________
Information Infrastructure (CNII)
protection initiatives which gave
initial exposure on National Cyber
Security Policies (NCSP) for CNII
sector leads on 12 February and 25
February 2008
b. A visit to Shell Refining Co. (SRC) in
Port Dickson, Negeri Sembilan on 13
February 2008 to study information
security operations and systems in
use at the company
c. Organised a Technical Writing
Workshop at the Palace of Golden
Horses on 27 – 28 February 2008
d. Conducted the CISSP & SSCP
Professional Examination on 23
February 2008
e. Organised a talk on Security
Landscape in Malaysia on 20
February 2008
f. Participated in the Science,
Technology and Education Village
Programme held at Dewan Tun
Razak in Baling, Kedah from 13 to
17 February 2008
g. Participated in the MOHEX 2008 at
the Mid Valley Exhibition Centre
from 23 to 24 February
25 – 26 February
We were one of the participants at the
Business Dialogue Meeting on
Electronic Commerce (GBDE) of the
first Business Steering Committee
(BSC) in 2008
18 – 20 February
ITU Regional Cybersecurity Forum in
Doha, Qatar
28 – 29 February
The National Cyber Security Policies (NCSP) Action Plan Workshop held at Miri
Marriott Resort & Spa
Presented reports/working papers and
organised cyber seminar programmes/
security certifications
a. Presented a working paper titled
E-Government Implementation:
Security Challenges and Issues, at
UiTM, Shah Alam on 12 March 2008
in its effort to create awareness on
Information Security
b. Organised Wireless Security
workshop in conjunction with the
Internet Convergence Conference
and Exhibition 2008 (ICCE 2008) at
the Sheraton Subang Jaya on 13
March 2008 for Chief Information
Security Officers, IT Security
Managers, and Network Users/
Administrators
c. Paper presentation on Computer
Forensics: Opportunities and
Challenges at:
• UiTM Shah Alam on 14 March 2008
• UiTM Ipoh on 19 March
• HELP University College on 26 March 2008
d. Presented reports on the
Development of Common Criteria
Scheme in Malaysia, development
activities for Vulnerability Assessment
in Malaysia and Development of
Web Application Programme and
Secure Coding during the ICT
Products and Services Security
workshop at the 37th APECTEL in
Tokyo on 24 March 2008
March
The National Cyber Crisis Management
Plan (NCCMP)
10 – 12 March
Annual General Meeting and the Asia
Pacific Computer Emergency
Response Team (APCERT) conference
held at the Grand Stanford, Hong
Kong
MARCH 2008
___________________________________
18 April
Chief Information Officers Round Table
Meeting for the National Critical
Information Infrastructure (NCII) (CNII
CIO Roundtable)
17 April
The National Cyber Crisis Management
Plan (NCCMP)
14 – 18 April
Technical Committee Meeting on
Information Technology – Security
Techniques (ISO/IEC/ JTC/SC27)
3 April
The National Certification Body for
the MS-ISO/IEC 15408 ICT-based
Security Evaluation and Certification
Scheme
24 April
The Minister of Science, Technology and Innovation made his first visit to
CyberSecurity Malaysia
1-2 April
The Task Force Meeting and OICCERT Conference in Tunisia
APRIL 2008
___________________________________
22 March – 19 April
Data recovery and hard disc repair
technique training was held at the
Myung Institute, South Korea
16 – 18 March
A Raid Mock organised by the Ministry
of Domestic Trade and Consumer Affairs
to impart knowledge on digital forensic
procedures was held in Sungai Petani,
Kedah
ACTIVITIES THROUGHOUT THE YEAR
All Directors attended the Corporate Directors Training Programme (“CDTP”) held on
18 March and 17 June 2008 at CCM.
ANNUAL GENERAL MEETING (AGM)
The Annual General Meeting is the principal forum for dialogue and interaction with the Members of
CyberSecurity Malaysia, who comprise the Ministry of Finance (Incorporated) (“MOF (Inc.)”) and
MOSTI. Members are given the opportunity and time to raise questions on matters on the agenda of the
annual general meeting. The notice of meeting and the annual report are sent to the Members of
CyberSecurity Malaysia at least 21 days before the date of the meeting, in accordance with the Articles
of Association of CyberSecurity Malaysia.
The Directors have attended the Corporate Directors Training Programme (“CDTP”), which was held on 18
March and 17 June 2008 at CCM.
ANNUAL GENERAL MEETING (AGM)
The Annual General Meeting represents the principal forum for dialogue and interaction with Members of
CyberSecurity Malaysia, namely the Ministry of Finance (Inc.) (“MOF (Inc.)”) and MOSTI. Members are accorded
both the opportunity and time to raise questions on the items on the agenda of the general meeting. The notice
of meeting and annual report are sent out to the Members of CyberSecurity Malaysia at least 21 days before the
date of the meeting in accordance with the Articles of Association of CyberSecurity Malaysia.
The Board is of the view that the system of internal controls in place for the year under review and up to the
date of issuance of the annual report and financial statements is sufficient to safeguard the interests of the
stakeholders, clients, regulators and employees, and CyberSecurity Malaysia’s assets.
The internal risk control and management programmes prescribed by the Board include policies and procedures
on risk and control by identifying and assessing the risks faced, and in the design, operation and monitoring of
suitable internal controls to mitigate and control these risks.
The Board has, through the Management, carried out the ongoing process of identifying, evaluating and
managing the key operational and financial risks confronting CyberSecurity Malaysia. The Board embarked
on a review of the existing risk control and risk management, implementing and entrenching the risk management
culture and functions within CyberSecurity Malaysia.
The Board is responsible for CyberSecurity Malaysia’s system of internal controls and its effectiveness. However,
such a system is designed to manage CyberSecurity Malaysia’s risks within an acceptable risk profile, rather than
eliminate the risk of failure to achieve the policies and business objective of CyberSecurity Malaysia. The
prescribing and maintenance of a system of internal controls, however, provides reasonable assurance of
effective and efficient operations, and compliance with laws and regulations, as well as with internal procedures
and guidelines.
The Board is of the view that the system of internal controls in place for the year under review and
up to the date of issuance of this annual report and financial statements is sufficient to safeguard
the interests of stakeholders, clients, regulators and employees, as well as CyberSecurity Malaysia’s
assets.
The internal risk control and management programmes prescribed by the Board include policies and
procedures on risk and control, by identifying and assessing the risks faced and designing the
operation and monitoring of suitable internal controls to oversee and control all these risks.
Through the Management, the Board has carried out an ongoing process of identifying, evaluating and
managing the key operational and financial risks confronting CyberSecurity Malaysia. This was done by
reviewing the existing risk controls and risk management, and by implementing and instilling a risk
management culture and functions within CyberSecurity Malaysia.
The Board is responsible for CyberSecurity Malaysia’s system of internal controls and its
effectiveness. However, such a system is designed to manage CyberSecurity Malaysia’s risks within an
acceptable risk profile, rather than to eliminate the risk of failure to achieve the policies and
business objectives of CyberSecurity Malaysia. Nevertheless, prescribing and maintaining a system of
internal controls provides reasonable assurance of effective and efficient operations and of
compliance with laws and regulations as well as internal procedures and guidelines.
INTERNAL CONTROL AND RISK MANAGEMENT
Directors are encouraged to attend talks, training programmes and seminars to keep themselves up to
date with the latest developments related to the industry in which CyberSecurity Malaysia operates.
Directors are encouraged to attend talks, training programmes and seminars to update themselves on new
developments related to the industry in which CyberSecurity Malaysia is operating.
INTERNAL CONTROL AND RISK MANAGEMENT
CONTINUING EDUCATION OF DIRECTORS
Y.Bhg. Dato’ Abdul Hanan bin Alang Endut, Chairman of CyberSecurity Malaysia, is not subject to retirement
since he is representing MOSTI. Lt. Col. (R) Husin Hj Jazri, being the President/Chief Executive Officer, is subject
to retirement in accordance with his tenure of service with CyberSecurity Malaysia and the terms and
conditions applicable thereto. Puan Rubaiah Bte Hj Hashim, who is due for retirement by rotation in 2008, has
tendered her retirement letter pursuant to Articles 49 and 51 of the Articles of Association of CyberSecurity
Malaysia. She offers herself for re-election as a Director and will be considered for approval by the Members
of CyberSecurity Malaysia at the Third Annual General Meeting 2009.
Members of the Board who represent the Ministry of Science, Technology and Innovation (“MOSTI”) are not
subject to retirement. However, other Members of the Board are to retire by rotation upon the expiry of their
terms of directorship. One-third of the Members of the Board for the time being shall retire each year by
rotation, or if the number is not a multiple of three (3) then the nearest to one-third shall retire. The Members of
the Board to retire in every year shall be those who have been longest in office since their last election, but as
between persons who became Members of the Board on the same day, those to retire shall (unless they
otherwise agree among themselves) be determined by lot.
APPOINTMENT, RETIREMENT BY ROTATION AND RE-ELECTION OF THE BOARD
MEMBERS
As at the end of the financial year 2008, six (6) Board Meetings were held.
Minutes of every Board meeting are circulated to all Directors for their perusal prior to confirmation of the
minutes at the following Board meeting.
The agenda for every Board meeting, together with comprehensive management reports, proposal papers and
supporting documents, are furnished to all Directors for their perusal well in advance of the Board meeting date,
so that the Directors have ample time to review matters to be deliberated at the Board meeting and to facilitate
informed decision making by the Directors.
Board meetings are held regularly, whereby reports on the progress of CyberSecurity Malaysia’s business and
operations and minutes of meeting of Board Committees are tabled for review by Members of the Board. At
these Board meetings, the Members of the Board also evaluate business and operational propositions and
corporate proposals that require to be approved by the Board owing to internal or regulatory requirements, or
because of significant financial impact on CyberSecurity Malaysia.
Y.Bhg. Dato’ Hanan bin Alang Endut, Chairman of CyberSecurity Malaysia, is not subject to retirement
as he represents MOSTI. Lt. Col. (R) Husin Hj Jazri, as President/Chief Executive Officer, is
subject to retirement in accordance with his tenure of service with CyberSecurity Malaysia and the
terms and conditions applicable thereto. Puan Rubaiah Bte Hj Hashim, who was due to retire by rotation
in 2008, has submitted her retirement letter pursuant to Articles 49 and 51 of the Articles of
Association of CyberSecurity Malaysia. She offers herself for re-election as a Director and will be
considered for approval by the Members of CyberSecurity Malaysia at the Third Annual General Meeting
to be held in 2009.
Members of the Board who represent the Ministry of Science, Technology and Innovation (“MOSTI”) are
not subject to retirement. However, the other Members of the Board are to retire by rotation upon the
expiry of their terms of directorship. One-third of the Members of the Board for the time being shall
retire each year by rotation or, if the number is not a multiple of three (3), the number nearest to
one-third shall retire. The Members of the Board to retire each year are those who have been longest
in office since their last election, but as between persons who became Members of the Board on the
same day, those to retire shall (unless they otherwise agree among themselves) be determined by
selection.
APPOINTMENT, RETIREMENT BY ROTATION AND RE-ELECTION OF MEMBERS OF THE BOARD
As at the end of the financial year 2008, CyberSecurity Malaysia had held six (6) Board Meetings.
Minutes of every Board meeting are sent to all Directors for their perusal before the minutes are
confirmed at the following Board meeting.
The agenda for every Board meeting, together with comprehensive management reports, proposal papers
and supporting documents, is given to all Directors for their perusal in advance of the Board meeting
date, so that the Directors have sufficient time to review the matters to be discussed at the Board
meeting and to make it easier for the Directors to reach informed decisions.
Board meetings are held regularly, at which reports on the progress of the business and operations
and minutes of meetings of the Board Committees of CyberSecurity Malaysia are tabled for review by
Members of the Board. At these Board meetings, the Members of the Board also evaluate business and
operational propositions and corporate proposals that require the approval of the Board because of
internal or regulatory requirements or because of their significant financial impact on CyberSecurity
Malaysia.
BOARD MEETINGS AND SUPPLY OF INFORMATION TO THE BOARD
The profiles of the current Members of the Board are set out on pages 14 to 15 of this Annual
Report.
The profiles of the current Members of the Board are set out on pages 14 to 15 of the Annual Report.
BOARD MEETINGS AND SUPPLY OF INFORMATION TO THE BOARD
The Board is fully and effectively assisted in the day-to-day management of CyberSecurity Malaysia
by the President/Chief Executive Officer and his management team.
The Board is fully and effectively assisted in the day-to-day management of CyberSecurity Malaysia by the
President/Chief Executive Officer and his management team.
The Board of CyberSecurity Malaysia is pleased to report that for the financial year under review,
CyberSecurity Malaysia continued to apply satisfactory corporate governance practices in managing and
directing the course of CyberSecurity Malaysia’s development, by adopting the substance and spirit
of the principles required by the Malaysian Code on Corporate Governance (“the Code”).
The Board of CyberSecurity Malaysia is pleased to report that for the financial year under review,
CyberSecurity Malaysia has continued to apply good corporate governance practices in managing and directing
the affairs of CyberSecurity Malaysia, by adopting the substance and spirit of the principles advocated by the
Malaysian Code on Corporate Governance (“the Code”).
At least half of the total composition of the Members of the Board must be from the government sector and are
to be appointed by the Minister of Science, Technology and Innovation. The remaining members may be from
the commercial or other relevant sectors and are elected by the members of CyberSecurity Malaysia at its General
Meeting. There are currently five (5) members of the Board.
All members of the Board are elected with the prior approval of the Minister of Domestic Trade and Consumer
Affairs (MDTCA).
The Board consists of members of high calibre, with good leadership skills and vast experience in their own
fields of expertise, which enable them to provide strong support towards the effective discharge of the duties and
responsibilities of the Board. They fulfil their role by the exercise of independent judgement and objective
participation in the deliberations of the Board, bearing in mind the interests of stakeholders, employees,
customers, and the many communities in which CyberSecurity Malaysia conducts its business.
COMPOSITION OF BOARD
The Board’s other main duties include regular oversight of CyberSecurity Malaysia’s operations and performance,
ensuring that the infrastructure, internal controls and risk management processes are well in place, and
assessing and managing the business risks of CyberSecurity Malaysia.
The Board also oversees the operations and business of CyberSecurity Malaysia by requiring regular periodic
operational and financial reporting by the management, in addition to prescribing minimum standards and
establishing policies on the management of operational risks and other key areas of CyberSecurity Malaysia’s
activities.
The Board considers in depth, and if thought fit, approves for implementation key matters affecting CyberSecurity
Malaysia which include matters on action plans and annual budget, major expenditures, acquisition and
disposal of assets, human resources policies and performance management. The Board also reviews the action
plans that are implemented by the Management to achieve business and operational targets.
The Board maps out and reviews CyberSecurity Malaysia’s strategic plans on an annual basis so as to align
CyberSecurity Malaysia’s operational directions and activities with the goals of its establishment by the
Government of Malaysia.
At least half of the total composition of the Members of the Board of Directors must come from the
government sector and be appointed by the Minister of Science, Technology and Innovation. The remaining
members are drawn from the commercial or other relevant sectors and are elected by the Members of
CyberSecurity Malaysia at its General Meeting. There are currently five (5) members on the Board of Directors.
All members of the Board of Directors are elected with the prior approval of the Minister of Domestic Trade
and Consumer Affairs (MDTCA).
The Board of Directors consists of members of very high calibre, with skills, leadership and wide
experience in their respective fields of expertise, which enable them to provide strong support for the
effective discharge of the Board’s duties and responsibilities. They fulfil their role by exercising
independent judgement and participating objectively in the Board’s deliberations while at the same time
safeguarding the interests of stakeholders, employees, customers and the various communities in which
CyberSecurity Malaysia conducts its business.
COMPOSITION OF BOARD
The Board of Directors’ other duties include regularly overseeing CyberSecurity Malaysia’s operations and
performance, ensuring that the infrastructure, internal controls and risk management processes are in place,
and assessing and managing CyberSecurity Malaysia’s business risks.
The Board of Directors also oversees the operations and business of CyberSecurity Malaysia by requiring
management to submit regular periodic operational and financial reports, in addition to setting minimum
standards and formulating policies on the management of operational risks and other key areas of the
activities carried out by CyberSecurity Malaysia.
The Board of Directors considers in depth and, if thought fit, approves for implementation key matters
affecting CyberSecurity Malaysia, including matters on action plans and the annual budget, major
expenditures, the purchase and sale of assets, human resources policies and management performance. The
Board of Directors also reviews the action plans implemented by the Management to achieve business and
operational targets.
The Board of Directors draws up and reviews CyberSecurity Malaysia’s strategic plans every year in order to
align CyberSecurity Malaysia’s operational direction and activities with the purpose of its establishment
by the Government of Malaysia.
STATEMENT OF CORPORATE GOVERNANCE
BOARD RESPONSIBILITIES
Corporate Governance
• Legal, statutory, regulatory, legislative and
contractual obligations and requirements in
supporting CyberSecurity Malaysia’s business
operations shall be met.
• Information security shall be managed through
CyberSecurity Malaysia’s information security
risk assessment methodology. This shall include
the criteria for the acceptable level of risk.
• CyberSecurity Malaysia’s information assets in
which all types of information reside shall be
protected from all threats, whether internal or
external, deliberate or accidental.
• Any employees found to have violated this
policy or its supporting policies, procedures
and guidelines shall be subjected to disciplinary
actions as stipulated in the CyberSecurity
Malaysia Scheme of Services.
• CyberSecurity Malaysia ISMS Policy shall be
reviewed annually by Information Security
Management Committee to ensure its
applicability and relevance.
• Each employee shall adhere to CyberSecurity
Malaysia ISMS Policy and its supporting
policies, procedures and guidelines.
AVAILABILITY
CyberSecurity Malaysia shall ensure that all
information is always available to support its business
operations and continue to operate with minimal
disruptions to achieve its corporate mission and thus
realising its vision.
POLICY STATEMENT
• Each employee shall be responsible for
protecting all information and respective
information assets against unauthorized access,
disclosure, modification, destruction and
interference, as well as executing all relevant
processes and activities.
INTEGRITY
CyberSecurity Malaysia shall ensure that all
information produced, kept and distributed by
CyberSecurity Malaysia has absolute integrity.
• All managers shall be directly responsible for
implementing CyberSecurity Malaysia ISMS
Policy within their units, and for adherence by
their staff.
• Any related parties including vendors,
contractors and third party users shall only
have access to CyberSecurity Malaysia
information as stipulated in a non-disclosure
agreement (NDA) with CyberSecurity
Malaysia.
• Policies, procedures and guidelines not limited
to information security shall be made available
to support CyberSecurity Malaysia ISMS
Policy.
CONFIDENTIALITY
CyberSecurity Malaysia shall ensure that all
information is safeguarded with appropriate controls
to preserve its confidentiality.
CyberSecurity Malaysia’s objective of managing
information security according to the requirements
in the ISO/IEC 27001:2005 is to achieve an overall
information security assurance through the
preservation of confidentiality, integrity and
availability.
OBJECTIVE
CyberSecurity Malaysia Information Security Management
System Policy
ISMS Policy Statement
• CyberSecurity Malaysia’s information assets, in
which all types of information reside, shall be
protected from all types of threats, whether
internal or external, deliberate or accidental.
• All legal, statutory, regulatory, legislative
and contractual obligations and requirements
that support CyberSecurity Malaysia’s business
shall always be met.
• Information security shall be managed through
CyberSecurity Malaysia’s information security
risk assessment methodology. This includes the
criteria for the acceptable level of risk.
POLICY STATEMENT
AVAILABILITY
CyberSecurity Malaysia is determined to ensure that
all information is available to support its business
operations and that it continues to operate with
minimal disruption in order to achieve its corporate
mission and thereby realise its vision.
INTEGRITY
CyberSecurity Malaysia is determined to ensure that
all information produced, kept and distributed by
CyberSecurity Malaysia has absolute integrity.
CONFIDENTIALITY
CyberSecurity Malaysia is determined to ensure that
all information is safeguarded with appropriate
controls to preserve its confidentiality.
The objective of CyberSecurity Malaysia in managing
information security according to the requirements
of ISO/IEC 27001:2005 is to achieve overall
information security assurance through the
preservation of confidentiality, integrity and
availability.
OBJECTIVE
• Any employee found to have violated this policy
or its supporting policies, procedures and
guidelines may be subjected to disciplinary
action as outlined in the CyberSecurity Malaysia
Scheme of Services.
• The CyberSecurity Malaysia ISMS Policy will be
reviewed every year by the Information Security
Management Committee to ensure its
applicability and relevance.
• Every employee shall adhere to the CyberSecurity
Malaysia ISMS Policy and its supporting
policies, procedures and guidelines.
• All employees shall be responsible for
protecting all information and their respective
information assets against unauthorised access,
disclosure, modification, destruction and
intrusion, as well as carrying out all relevant
processes and activities.
• Any related parties, including vendors,
contractors and third-party users, shall only
have access to CyberSecurity Malaysia
information as outlined in a non-disclosure
agreement (NDA) with CyberSecurity Malaysia.
• All managers shall be directly responsible for
the implementation of the CyberSecurity Malaysia
ISMS Policy within their units, and for ensuring
that it is adhered to by their staff.
• Policies, procedures and guidelines are not
limited to information security alone; they
shall also be available to support the
CyberSecurity Malaysia ISMS Policy.
CyberSecurity Malaysia Information Security Management
System Policy
ISMS Policy Statement
1. ASIA PACIFIC COMPUTER EMERGENCY RESPONSE TEAM (APCERT)
www.apcert.org
• A regional platform whose members are teams from economies in the Asia Pacific region, most of
which are their respective Computer Emergency Response Teams (“CERTs”), which coordinate and
collaborate to prevent, detect and respond to any reported computer incidents and also drive
activities aimed at improving incident handling capabilities.
1. ASIA PACIFIC COMPUTER EMERGENCY RESPONSE TEAM (APCERT)
www.apcert.org
• A regional platform consisting of a total of member teams from economies in which majority
are National CERTs from within Asia Pacific Regions who coordinate and collaborate in prevention,
detection and responding to computer incident reports as well as initiate activities related to
enhancement of incident handling capabilities.
6. GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE (GBDE)
www.gbd-e.org
• Established in January, GBDe is spearheaded by world-renowned CEOs to assist in the
development of global policy framework for emerging online economy and convene dialogue on
related issues.
5. COMMON CRITERIA (CC)
www.commoncriteriaportal.org
• An international Standard ISO/IEC for computer security scrutiny process providing stringent
quality processes, evaluation and assurance on any computer security products.
4. REGIONAL ASIA INFORMATION SECURITY EXCHANGE (RAISE)
• A forum that provides a platform for sharing of knowledge and experiences deployed for adoption
within the region in order to develop international security standards broadcasted effectively within
the Asia Region.
3. INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC (ISC)²
https://www.isc2.org
• (ISC)² is responsible for maintaining the (ISC)² CBK, a compendium of the industry best practices for
information security including Certified Information Systems Security Professionals (CISSPs) and
Systems Security Certified Practitioners (SSCPs).
6. GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE (GBDE)
www.gbd-e.org
• Established in January, GBDe is led by the world’s leading Chief Executive Officers to help
develop a global policy framework for the development of the online economy and to organise
dialogue on related issues.
5. COMMON CRITERIA (CC)
www.commoncriteriaportal.org
• An International Standard ISO/IEC for the computer security scrutiny process that sets out
stringent quality scrutiny processes, evaluation and assurance for computer security products.
4. REGIONAL ASIA INFORMATION SECURITY EXCHANGE (RAISE)
• A forum that provides a basis for sharing knowledge and experience that is disseminated and
adopted throughout the Asian region, with the aim of developing international security standards
that will be shared effectively among the countries of the Asian region.
3. INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC (ISC)²
https://www.isc2.org
• (ISC)² is responsible for maintaining the (ISC)² CBK, a compendium of industry best practices
in the field of information security, including “Certified Information Systems Security
Professionals (CISSP)” and “Systems Security Certified Practitioners (SSCP)”.
2. FORUM OF INCIDENT RESPONSE SECURITY TEAM (FIRST)
www.first.org
• FIRST is the world leader in incident response, bringing together ICT security teams and CERTs
from the commercial, education and government sectors with the main goal of fostering cooperation
and coordination in the detection and prevention of computer incidents, effective response and
information sharing among members and the public.
STRATEGIC PARTNERSHIPS. CyberSecurity Malaysia is not alone in its efforts to protect the public from
cyber threats. Our network of strategic knowledge partners encompasses global collaboration and
information sharing with agencies and professional bodies such as:
SMART PARTNERSHIPS. CyberSecurity Malaysia is not alone in our quest to protect the public against cyber
corruption. Our bridge of strategic technical and knowledge partners encompasses a global collaboration and
information sharing with renowned agencies and professional bodies such as:
2. FORUM OF INCIDENT RESPONSE & SECURITY TEAMS (FIRST)
www.first.org
• FIRST is the global leader in incident response that assembles ICT security teams and CERTs from
commercial, education and government institutions with the main goal of fostering cooperation and
coordination in incident detection, prevention, effective response and information sharing amongst
members and the public.
Technical and Knowledge Partners
Corporate Planning & Strategy Department and Internal Audit Department
Procurement Department
Cyber Technology Research (CTR) Department
Some of the personnel under Chief Technology Officer (CTO)'s Office Division
Information Technology Department
Legal & Secretarial Department
The CEO with Admin personnel and secretaries.
Corporate Services Division
CEO's Office Division
CyberSecurity Malaysia's Corporate Citizens
In addition, CyberSecurity Malaysia is an accredited examination centre for the SANS Institute and BCI
certification programs. The number of knowledge workers in Malaysia has grown as a result of the
Professional Training Services Program offered by CyberSecurity Malaysia. Before the program began, the
country had only 200 certified cyber security professionals in 2005. The program has succeeded in
raising that number to 799 professionals by December 2008.
In addition, CyberSecurity Malaysia is the authorised examination centre for SANS Institute and BCI
certification programs. The number of knowledge workers in Malaysia has increased through CyberSecurity
Malaysia’s Professional Training Services Program. Before the program started, there were only 200
certified cyber security professionals in 2005. This program has increased the number to 799 by December
2008.
Outreach and awareness programs also include the eSecurity portal that was developed to provide
information on cyber security for three target groups; Kids / teenagers, Parents / end-users and Organisations,
which is also the brand name used for our awareness portal http://www.esecurity.org.my and our quarterly
awareness newsletter called CyberSAFE.
We provide continuous outreach and awareness programs in order to increase the national awareness level
on cyber security and have thus far organised twelve (12) awareness programs nationwide and conducted
45 school programs. Apart from that, we have also organised INFOSEC.my seminar, which was attended by
over 800 participants. All these programs and campaigns were achieved within a span of three years from
year 2006 to year 2008.
Increasing cyber security awareness programs to the public is the key factor in our daily
activities because the internet has drastically changed the lifestyle of Malaysians. Be it
while providing our products or services, CyberSecurity Malaysia tries its best to make
the public aware and understand about cyber safety.
Outreach and awareness programs also include the eSecurity portal, which was developed to provide
information on cyber security for three target groups, namely Kids/teenagers, Parents/end-users and
Organisations. It is also the brand of our portal, which can be visited at http://www.esecurity.org.my,
and of our awareness bulletin, CyberSAFE, which is issued every three months.
We provide continuous outreach and awareness programs to raise the level of awareness of cyber security
at the national level and, accordingly, we have so far organised twelve (12) awareness programs and
45 school programs nationwide. In addition, we also organised the INFOSEC.my seminar, which was attended
by more than 800 participants. All of these programs and campaigns achieved their targets within a
period of three years from 2006 to 2008.
Continuously increasing cyber security awareness programs for the public is one of the important
factors in our daily life because the internet has drastically changed the way of life of Malaysians.
CyberSecurity Malaysia is committed to fostering awareness and understanding of cyber security among
the public, whether in providing its services or its products.
Information Sharing:
• Information Security Local Interest Group (INFOSEC.my).
• Information Security Special Interest Group (INFOSEC.my SIG).
2. Outreach and Awareness
Competency Building and Awareness Programs:
• Business Continuity Management
• Common Criteria
• Digital Forensics
• Incident Response and Handling
• ISO 27001
• Mobile Banking
• Network Security
• Security Essential
• Security Policy Development
• Web Application Security
• Wireless Communication
• Wireless Security
Professional certification programs from the International Information System Security Certification
Consortium, Inc., (ISC)²:
• Certified Information Systems Security Professional (CISSP).
• Systems Security Certified Practitioner (SSCP).
The list of programs offered by CyberSecurity Malaysia includes:
Training & Outreach Team
As a body entrusted to ensure the security of cyberspace
in Malaysia, our expertise and services are widely
needed to provide training and advice on developing
Computer Emergency Response Team (CERT),
Information Security Management System (ISMS),
Business Continuity Management (BCM), Wireless
technology, Penetration Testing, SCADA, and Digital
Forensics.
Professional certification programs from the International Information System Security Certification
Consortium, Inc., (ISC)²:
• Certified Information Systems Security Professional (CISSP)
• Systems Security Certified Practitioner (SSCP)
The list of programs offered by CyberSecurity Malaysia includes:
As a body entrusted with ensuring the security of cyberspace in Malaysia, our expertise and services are
much needed to provide training and advice on developing Computer Emergency Response Teams (CERT),
Information Security Management Systems (ISMS), Business Continuity Management (BCM), wireless
technology, Penetration Testing, SCADA and Digital Forensics.
The evolution of knowledge is one of the critical criteria given priority by CyberSecurity Malaysia.
We are determined to produce a “Knowledge Generation” capable of understanding and handling the
ever-changing evolution of cyber security threats. CyberSecurity Malaysia provides “Professional
Training Services” to increase the number of cyber security professionals in Malaysia.
1. Professional Training Services
Knowledge Evolution is one of the critical criteria given
priority by CyberSecurity Malaysia. Our aim is to
create a “Knowledge Generation” capable of
understanding and handling the ever changing
evolution of cyber security threats. CyberSecurity
Malaysia provides “Professional Training Services” in
order to increase the number of cyber security
professionals in Malaysia.
TRAINING AND OUTREACH
The NCSP’s vision is “Malaysia’s National Information Infrastructure (CNII) shall be secure, resilient and
self-reliant. Founded on a culture of security, it will promote stability, social well-being and wealth
creation.” To realise this vision, the ministries, regulators and CNII organisations of the country must
work together in an organised manner under the guidance of the NC3.
The NCSP’s vision is “Malaysia’s Critical National Information Infrastructure (CNII) shall be secure,
resilient and self-reliant. Infused with a culture of security it will promote stability, social well being and
wealth creation”. To realize this vision, ministries, regulators and organizations of the country's CNII must
work together in a coordinated fashion under the guidance of the NC3.
TRAINING AND OUTREACH
The PIC department is committed to assisting the government with the implementation of the National Cyber
Security Policy (NCSP). CyberSecurity Malaysia has been given the mandate to implement the policy under the
purview of the Ministry of Science, Technology and Innovation (MOSTI). To facilitate this task, PIC is the
secretariat, together with MOSTI, for the National Cyber Security Coordination Committee (NC3), a
national-level committee that oversees the implementation of the NCSP. The committee is chaired by the
Secretary General of MOSTI. As the secretariat, PIC provides guidance to implementers in terms of advice
and future direction.
3. Policy Implementation Coordination (PIC)
In preparing and producing such reports, research on existing and emerging cyber threats is carried out
via the internet. Based on the information gathered, analyses, trends and proposals are produced and
reported to stakeholders. This will help stakeholders make informed decisions when formulating policies
and guidelines for implementing the country’s information security initiatives.
PIC department is dedicated to assisting the government in realizing the National Cyber Security Policy
(NCSP). CyberSecurity Malaysia has been given the mandate to implement the policy under the purview
of the Ministry of Science, Technology and Innovation (MOSTI). In order to facilitate such work, PIC is
the co-secretariat along with MOSTI for the National Cyber Security Coordination Committee (NC3), a
national level committee that oversees the implementation of NCSP. This committee is chaired by the
Secretary General of MOSTI. As the secretariat, PIC provides guidance to the implementers in terms of
advice and the way forward.
3. Policy Implementation Coordination (PIC)
In developing and producing such reports, research on existing and emerging cyber threats on the
internet is conducted. Based on the information gathered, analysis, trends and proposals are generated
and reported to the stakeholders. This assisted the stakeholders to be more informed in the course of
making decisions, formulating policies and developing guidelines for the country’s information security
initiatives.
i. the development and management of a project for the Study of Malaysian Cyber Laws to Face
Challenges in the Cyber Environment;
ii. the establishment of the OIC-CERT (Organization of the Islamic Conference – Computer Emergency
Response Team) collaboration which assisted the OIC member countries to establish or strengthen
their cyber security capabilities;
iii. the establishment of a strategic collaboration between CyberSecurity Malaysia and international
agencies such as the Information-technology Promotion Agency (IPA), Japan and ITU-D;
iv. presentation of strategic papers at international conferences such as the NISEKO Japan, OIC-CERT,
FIRST and ITU-D Conferences;
v. involvement in strategic workshops such as the National Cyber Security Crisis Management Plan
under Majlis Keselamatan Negara and the Cyber Law Review under MOSTI; and
vi. providing feedback to ministerial documentation on cyber security matters.
CMR is responsible for providing CyberSecurity Malaysia’s stakeholders with periodic reports pertaining to
the development and issues in the areas of cyber security. In meeting the stakeholders’ expectations, CMR
prepares ministerial papers such as Memorandum Jemaah Menteri, Nota Jemaah Menteri and official
feedback to Parliament inquiries. In addition, this department provides reports on cyber security incidents
and potential cyber threats of the country to the Ministry of Science, Technology and Innovation.
2. Cyber Media Research (CMR)
Initiatives undertaken by SPR at national and global level include:
SPR spearheads new initiatives in cyber security by developing proposals and undertaking policy research.
The department is also responsible for managing projects to establish new cyber security initiatives such
as collaborations with the relevant local and international parties and implementation of cyber security
technologies. This is done through research on information security which leads to the development of
strategic papers, i.e. white papers, proposals and reports. These documents have assisted CyberSecurity
Malaysia’s stakeholders as well as management to make informed decisions. In addition, SPR also provides
strategic advice and feedback on stakeholders’ inquiries on cyber security matters.
1. Strategic Policy Research (SPR)
The Cyber Security Research & Policy Division is divided into three departments:
CYBER SECURITY RESEARCH AND POLICY
Cyber Security Research & Policy Division
i. the development and management of a project for the Study of Malaysian Cyber Laws to Face
Challenges in the Cyber Environment;
ii. the establishment of OIC-CERT (Organisation of the Islamic Conference Emergency Response Team),
which helps OIC member countries to establish or further strengthen their cyber security
capabilities;
iii. forging strategic cooperation between CyberSecurity Malaysia and international agencies such as
the Information-technology Promotion Agency (IPA) of Japan and ITU-D;
iv. presenting strategic papers at international conferences such as the NISEKO Japan, OIC-CERT,
FIRST and ITU-D conferences;
v. involvement in strategic workshops such as the National Cyber Security Crisis Management Plan
under Majlis Keselamatan Negara and the Cyber Law Review under MOSTI; and
vi. providing feedback on cabinet documents relating to cyber security.
CMR is responsible for providing periodic reports to CyberSecurity Malaysia’s stakeholders on developments
and issues in areas related to cyber security. To meet its stakeholders’ expectations, CMR is tasked with
preparing cabinet papers such as Memorandum Jemaah Menteri, Nota Jemaah Menteri and official responses to
questions received in Parliament. In addition, this department provides reports on cyber security incidents
and potential cyber threats to the country to the Ministry of Science, Technology and Innovation.
2. Cyber Media Research (CMR)
Initiatives undertaken by SPR at the local and global levels include:
SPR spearheads new efforts in cyber security by outlining security proposals and conducting policy
research. The department is also responsible for managing projects to establish new security initiatives
such as cooperation with the relevant parties at home and abroad and the implementation of cyber security
technologies. This is carried out through research on information security, which leads to the preparation
of strategic papers, namely white papers, proposals and reports. These documents will help CyberSecurity
Malaysia’s stakeholders and management make better-informed decisions. In addition, SPR also provides
strategic policy advice and feedback in response to any stakeholder inquiries on matters relating to
cyber security.
1. Strategic Policy Research (SPR)
The Cyber Security Research & Policy Division is divided into three departments:
CYBER SECURITY RESEARCH AND POLICY
• MyVAC also conducts a review of client’s existing VA report and provides our expert advice.
MyVAC can provide internal and external penetration testing to verify the findings.
MyCB, a department within CyberSecurity Malaysia, is responsible for
carrying out certification and for overseeing the day-to-day operations
of the Malaysian Common Criteria Evaluation and Certification
(MyCC) Scheme.
The development of the MyCC Scheme is very important to fulfil the requirement to be recognised as a CCRA
Authorising Participant, where Malaysian certified products and systems will be recognised by other CCRA
participant countries. Therefore, MyCB is responsible for ensuring the successful transition from consuming
to authorising membership. The key milestone for the MyCC Scheme development phase is planned to be
achieved in 2010.
MyCC Scheme is a systematic process for evaluating and certifying the security functionality of ICT products
and systems against defined criteria or standards. MyCC Scheme mission is to increase Malaysia’s competitiveness
in quality assurance of information security based on the Common Criteria (CC) standard. In addition,
consumers’ confidence towards Malaysian ICT products and systems will be increased. In order to ensure that
high standards of competence and impartiality are maintained, and that consistency is achieved, MyCC Scheme
is operated by MyCB.
MyCC Team
Malaysia has been successfully accepted as the consuming member
by the Common Criteria Recognition Arrangement (CCRA) on 28
March 2007. CCRA is an international standard for gaining recognition
and assurance in ICT products and systems, and as of March 2009,
there are 26 countries participating in CCRA. Following this acceptance
as a consuming member of CCRA, in October 2008, the government
officially appointed CyberSecurity Malaysia as the sole certification
body for the evaluation and certification scheme based on MS ISO/
IEC 15408: 2005 Information Technology – Security Techniques –
Evaluation Criteria for IT Security. This certification body is named
Malaysian Common Criteria Certification Body (MyCB).
MALAYSIA COMMON CRITERIA CERTIFICATION BODY (MyCB)
• For Off-Site service, MyVAC provides the relevant cyber security assessment report through
conducting simulation assessment of current settings/configurations with relevant CNII sectors. The
“Off-site” service provides the external penetration testing in verifying the vulnerabilities for clients’
network and systems via internet.
• MyVAC conducts vulnerability assessment at the client’s place. We use the “Defense-in-depth”
approach in ensuring the technical controls are taken care of. The scopes offered include but are not
limited to: Network architecture review, Network & Wireless, Server/host operating systems,
web applications, database and penetration testing. A comprehensive Vulnerability Assessment
(VA) report will be prepared for clients to remediate their vulnerabilities.
MyVAC turut menjalankan kajian ke atas laporan VA sedia ada pelanggan dan menyediakan
nasihat pakar kami. MyVAC boleh menyediakan ujian penemubusan dalaman dan luaran untuk
mengesahkan penemuan tersebut.
The development of the MyCC Scheme is very important in meeting the requirements for recognition as a
CCRA Authorising Participant, because certified products and systems from Malaysia will then also be
recognised by the CCRA participating countries. MyCB's responsibility is therefore to ensure a
successful transition from consuming membership to authorising membership. An important milestone for
this development phase of the MyCC Scheme is planned to be reached in 2010.
The MyCC Scheme is a systematic process for evaluating and certifying the security functionality of ICT
products and systems against defined criteria or standards. The mission of the MyCC Scheme is to increase
Malaysia's competitiveness in quality assurance of information security based on the Common Criteria
(CC) standard. In addition, it aims to increase consumers' confidence in Malaysian ICT products and
systems. To ensure that high standards of competence and impartiality are maintained, and that
consistency is achieved, the MyCC Scheme is operated by MyCB.
MyCB is a department within CyberSecurity Malaysia, responsible for carrying out certification and
overseeing the day-to-day operation of the Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme.
Malaysia was accepted as a consuming member by the Common Criteria Recognition Arrangement (CCRA) in March
2007. CCRA is an international standard for gaining assurance in the security of ICT products and
systems, and as of March 2009, 26 countries were members of CCRA. Following this acceptance, in
October 2008 the government officially appointed CyberSecurity Malaysia as the sole certification body
for the evaluation and certification scheme based on MS ISO/IEC 15408:2005 Information Technology –
Security Techniques – Evaluation Criteria for IT Security. This certification body is named the Malaysian
Common Criteria Certification Body (MyCB).
MALAYSIA COMMON CRITERIA CERTIFICATION BODY (MyCB)
For the “off-site” service, MyVAC provides the relevant cyber security assessment report by
conducting a simulation assessment of current settings/configurations with the relevant CNII
sectors. The “off-site” service provides external penetration testing to verify vulnerabilities in
clients’ networks and systems via the internet.
For the on-site service, MyVAC reviews the relevant CNII Audit Report and recommends the additional
cyber security measures that are needed. There are two (2) types of “on-site” service, namely:
For On-Site service, MyVAC reviews the relevant CNII’s Audit Report and acknowledges additional
cyber security recommendations. Two (2) types of “On-site” services provided by MyVAC are as
follows:
MyVAC conducts vulnerability assessment at the client’s place. We use the “Defence-in-depth”
approach to ensure that technical controls are given attention. The scope offered includes, but is
not limited to: network architecture review, network & wireless, server/host operating systems,
web applications, databases and penetration testing. A Vulnerability Assessment (VA) report will be
prepared for clients so that they can remediate each of their vulnerabilities.
MyVAC provides cyber security assessment advisory services by offering “on-site” and “off-site”
vulnerability assessments for the relevant CNII sectors.
2.2 MALAYSIA VULNERABILITY ASSESSMENT CENTER (MyVAC)
MyVAC provides cyber security assessment service by offering “on-site” and “off-site” vulnerability
assessments for the relevant CNII sectors.
2.2 MALAYSIA VULNERABILITY ASSESSMENT CENTER (MyVAC)
MySEF carries out ICT security evaluations, independently of the IT developers, products or protection
profiles. The evaluation is conducted against the Common Criteria (CC) (MS-ISO/IEC 15408) and the
Common Evaluation Methodology (CEM) (MS-ISO/IEC 18405). The evaluation of products against the
CC establishes a level of confidence that the security functionality of these products is correctly
implemented and the assurance measures applied to these ICT products are appropriate. The
evaluation process examines the design of the product, the environment in which it was developed,
the delivery process, the guidance documentation, how it was tested, and includes a search for
vulnerabilities. Consumers of ICT security products may use the results of evaluations to determine
whether these ICT products fulfill their security needs.
2.1 MALAYSIA ICT SECURITY EVALUATION FACILITIES (MySEF)
Services provided by Security Assurance Department are as follows:
Security Assurance Department
Security Assurance also aims to improve the security posture of the Critical National Information
Infrastructure (CNII) sectors through security assessments and to improve the nation’s ability in
mitigating cyber threats and exploitation due to information systems and technology vulnerabilities.
Security Assurance, a department within CyberSecurity Malaysia, has responsibility for providing expert
services in ICT security products and systems evaluation based on the Common Criteria (ISO/IEC 15408).
Its objective is to promote a safe and reliable computing environment through the provision of assured ICT
security products and systems.
Evaluation services are necessary
to provide confidence in the
security capabilities of ICT
products and systems in defending
against the ICT threats.
Apart from providing protection, CyberSecurity Malaysia is also responsible for wealth creation from the
services provided.
2. Security Assurance Services
Other than what has been mentioned above, SMBP had successfully developed the National Cyber Crisis
Management Plan in collaboration with Majlis Keselamatan Negara (MKN), with the objective of
providing a coordination platform for managing national cyber crises.
One of SMBP’s main activities is to contribute towards standards development in areas of information
security, both locally (with Standards Malaysia) and internationally (with ISO). SMBP had continuously
been providing contributions on standards development through the Technical Committee on Information
Security (TC5) and Technical Committee for BCM (TC-BCM). CyberSecurity Malaysia, through SMBP, had
continuously been given the trust to chair the Technical Working Group (WG4), a core group that handles
Security Controls and Services. SMBP had successfully pushed through the acceptance of the ISO Information
Security Standard proposal on “Guideline for Identification, Collection and/or Acquisition and Preservation
of Digital Evidence”, with the objective of ensuring that the right procedure is globally accepted in the
international court of law.
MySEF carries out ICT security evaluations independently of the IT developers, products or protection
profiles. The evaluation is conducted against the Common Criteria (CC) (MS-ISO/IEC 15408) and the
Common Evaluation Methodology (CEM) (MS-ISO/IEC 18405). Evaluating products against the CC
establishes a level of confidence that the security functionality of these products has been correctly
implemented and that the assurance measures applied to them are appropriate. The evaluation process
examines the design of the product, the environment in which it was developed, the delivery process,
the guidance documentation and how it was tested, and includes an examination of its vulnerabilities.
Consumers of ICT security products may use the evaluation results to determine whether or not these
ICT products fulfil their security needs.
2.1 MALAYSIA ICT SECURITY EVALUATION FACILITIES (MySEF)
The services provided by the Security Assurance Department are as follows:
Security Assurance also aims to improve the security posture of the Critical National Information
Infrastructure (CNII) through security assessments, and to improve the nation's ability to control
cyber threats and exploitation caused by information systems and technology vulnerabilities.
Security Assurance is a department within CyberSecurity Malaysia responsible for providing expert
services involving the evaluation of ICT security products and systems based on the Common Criteria
(ISO/IEC 15408). Its objective is to promote a safe and reliable computing environment through the
provision of assured ICT security products and systems.
Evaluation services are needed to provide confidence in the capability of ICT products and systems to
withstand any ICT threat.
Apart from providing protection, CyberSecurity Malaysia is also responsible for wealth creation from
the services provided.
Security Assurance Services
Other than what has been stated above, SMBP also successfully developed the National Cyber Crisis
Management Plan in collaboration with Majlis Keselamatan Negara (MKN), with the objective of providing
a platform for managing national cyber crises.
One of SMBP's main activities is to contribute to the development of standards in the field of
information security, both locally (Standards Malaysia) and internationally (ISO). SMBP has contributed
ideas through the Technical Committee on Information Security (TC5) and the Technical Committee for
BCM (TC-BCM). CyberSecurity Malaysia, through SMBP, continues to be entrusted with chairing the
Technical Working Group (WG4), a core group that handles Security Controls and Services. SMBP succeeded
in pushing through the initial acceptance of the ISO Information Security Standard proposal on
“Guideline for Identification, Collection and/or Acquisition and Preservation of Digital Evidence”,
with the objective of ensuring that the right procedure is accepted in the international court of law.
Security Management & Best Practices Department
Therefore, it was only natural that SMBP coordinated the efforts to implement ISMS in CyberSecurity
Malaysia, until we successfully obtained the ISMS certification in July 2008. We are one of the only
two leading organizations in Malaysia so far, that went through a full ISMS certification for the
whole organization. Usually, only a certain department such as the IT Department goes through ISMS
certification process.
Through SMBP, we are promoting the
ISMS, which conforms to the ISO/IEC
27001:2005 standard, and encouraging
other organizations to get a full
certification.
Our Security Management and Best Practices Services offer expert advice in information security
management and best practices, focusing on Information Security Management System (ISMS) and
Business Continuity Management (BCM). Apart from these two specialized areas, SMBP has also been
developing information security guidelines and best practices for the ICT community. With these
guidelines in order, we aim to share our expertise and knowledge with organisations and the public in
creating a sustainable and resilient information environment through awareness, training and expert advice.
1. Security Management and Best Practices (SMBP)
SECURITY QUALITY MANAGEMENT SERVICES
2008 has been a great year and we would like to use this achievement as the stepping-stone for more
successes in the years to come. DFD will tirelessly and continuously look for ways to improve the service
delivery processes to our stakeholders.
Our DFD also assisted varsities and colleges such as UiTM, UUM, UTM and UIA with course module
development, part-time lecturing, student internship programs and research programs at postgraduate
level. We did this to help produce more graduates in the digital forensics arena; and we were told that
our efforts have begun to pay off, as more students have enrolled in digital forensics related courses.
Other highlights in 2008 were the initiation of the groundwork to get the profession of Digital Forensics
Analyst of CyberSecurity Malaysia to be endorsed under the provisions of Section 399 of the Criminal
Procedure Code (CPC).
Other notable achievements in 2008 were attaining international visibility whereby a few of our analysts
were invited to present at international conferences. Also, three of our analysts were accepted to be
members of the International High Technology Crime Investigation Association (HTCIA). In addition, we
have successfully produced and distributed to LEA and RB our very own Digital Forensics Live CD and
Pocket Guide for Digital Forensics First Responders. We also became a member of the technical working
group (TWG25) to develop MS ISO 17025 (document examination for forensics science testing) and the
working group (WG4) to develop the ISO standard for guidelines for identification, collection and/or
acquisition and preservation of digital evidence.
It was therefore only natural that SMBP coordinated the effort to implement ISMS in CyberSecurity
Malaysia, until we successfully obtained certification in July 2008. We are one of only two leading
organizations in Malaysia so far that have gone through ISMS certification for the whole organization.
Usually, only a single department, such as the IT Department, goes through the ISMS certification process.
Through SMBP, we promote the ISMS, which conforms to the ISO/IEC 27001:2005 standard, and encourage
other organizations to obtain full certification.
Security Management and Best Practices offers expert advice in information security management and
security best practices, focusing on Information Security Management System (ISMS) and Business
Continuity Management (BCM). Apart from these two specialised functions, SMBP has also developed
information security guidelines and best practices to guide organisations and the ICT community. With
these guidelines in force, we aim to share our expertise and knowledge with organisations and the
public in creating a sustainable and resilient information environment through awareness, training and
expert advice.
1. Security Management and Best Practices (SMBP)
SECURITY QUALITY MANAGEMENT SERVICES
Without doubt, 2008 was a great year for us, and we would like to use this achievement as a stepping
stone to more successes in the years to come. DFD is determined to keep looking for ways to improve its
service delivery processes for stakeholders.
Our DFD has also assisted universities and colleges such as UiTM, UUM, UTM and UIA with course module
development, part-time lecturing, student internship programs and research programs at postgraduate
level. We did this to produce more graduates in the forensics arena, and we were told that our efforts
have begun to bear fruit, as more students are now enrolling in courses related to digital forensics.
Another important achievement in 2008 was the groundwork initiative to have the Digital Forensics
Analysts of CyberSecurity Malaysia endorsed under Section 399 of the Criminal Procedure Code (CPC).
A no less important achievement in 2008 was gaining international attention, with several of our
analysts invited to attend international conferences. Three of our analysts were also accepted as
members of the High Technology Crime Investigation Association (HTCIA). In addition, we successfully
produced and distributed to LEA and RB the Digital Forensics Live CD and the Guide for Digital
Forensics First Responders. We are also a member of the technical working group (TWG25) to develop MS
ISO 17025 (document examination for forensic science testing) and the working group (WG4) to develop
the ISO standard for guidelines for identification, collection and/or acquisition and preservation of
digital evidence.
[Graph 3: Monthly Statistic for DF Cases. X-axis: months, January to December.]
[Graph 4: Yearly Statistic for DF Cases. X-axis: years, from 2002.]
[Legend: Data Recovery; Digital Forensics]
The year 2008 was also a remarkable year, as we successfully established a series of technical labs such
as a data recovery lab (with class-100 clean booth facility), a mobile phone forensics lab, an audio &
video forensics lab and a research lab. On top of that, we also produced more professionally certified
analysts from SANS Institute to cater for the industry’s ever-increasing demand. A total of seven digital
forensics analysts have been certified with an internationally recognized professional certification,
namely SANS GCFA.
DFD’s achievement is recognized as a benchmark by the Malaysian government and thus our expertise is
sought by the LEA and RB venturing to replicate our holistic model of digital forensics capacity
development. With a fine blend of rookie, experienced, skilled and resourceful analysts in a team of 21,
DFD has built a model track record of achievement dedicated towards producing digital forensics
investigation and examination of the highest quality.
Between 2002 and 2008, we have assisted LEA and RB with 812 cases. Our forensics analysts have also
appeared in courts as expert witnesses.
In 2008, our Digital Forensics team handled a total of 297 cases, which was an increase by approximately
35% compared to the previous year. The cases were referred to us by various law enforcement agencies
(LEA) and regulatory bodies (RB) such as PDRM, KDRM, MCMC, SSM, SC, KPDN&HEP, SPRM, and JPJ.
The vision of the Digital Forensics Department (DFD) of CyberSecurity Malaysia is “to be a national centre
of reference and excellence in digital forensics with ASCLD/LAB-International accreditation”. The year
2008 was another successful year for the department, albeit one of the most challenging years since
its inception in 2002. DFD continued to extend its services to assist the Malaysian government and
regulatory bodies in criminal and civil cases involving digital evidence.
2. Digital Forensics - CyberCSI™
Statistics for Digital Forensics cases are shown in graphs 3 and 4 opposite:
2008 was also a remarkable year, as we successfully established a series of technical labs such as a
data recovery lab (with a class-100 clean booth facility), a mobile phone forensics lab, an audio &
video forensics lab and a research lab. In addition, we produced more professionally certified analysts
from the SANS Institute to meet the industry's ever-increasing demand. A total of seven digital
forensics analysts have been awarded an internationally recognised certification, namely SANS GCFA.
DFD's achievement is recognised as a benchmark by the Malaysian Government, and as a result our
expertise is needed to assist LEA and RB that seek to adopt the holistic model of digital forensics
capacity development. With a blend of new, experienced, skilled and tenacious staff in a forensics team
of 21, DFD has built a model track record dedicated to producing digital forensics investigation and
examination of the highest quality.
Between 2002 and 2008, we assisted LEA and RB in 812 cases. Our forensics analysts have also appeared
at court hearings as expert witnesses.
In 2008, our Digital Forensics team handled a total of 297 cases, an increase of approximately 35%
compared to the previous year. The cases came from various law enforcement agencies (LEA) and
regulatory bodies (RB) such as PDRM, Kastam DiRaja Malaysia (KDRM), Suruhanjaya Komunikasi dan
Multimedia (MCMC), Suruhanjaya Syarikat Malaysia (SSM), Suruhanjaya Sekuriti (SC), Kementerian
Perdagangan Dalam Negeri & Hal-Ehwal Pengguna (KPDN&HEP), Suruhanjaya Pencegahan Rasuah Malaysia
(SPRM) and Jabatan Pengangkutan Jalan.
The vision of the Digital Forensics Department (DFD) of CyberSecurity Malaysia is “to be a national
centre of reference and excellence in digital forensics with ASCLD/LAB-International accreditation”.
2008 was another excellent year for the department, although it faced various challenges since its
inception in 2002. DFD continued to provide its services to assist the Malaysian government and
regulatory bodies in criminal and civil cases involving digital evidence.
Digital Forensics - CyberCSI™
The workshops or hands-on training conducted by MyCERT in 2008 include:
- Network Security Monitoring Training at the APCERT Conference in Hong Kong and at the Forum of
  Incident Response & Security Team (FIRST) Technical Colloquium (TC) or “FIRST-TC” in Tokyo.
- Distributed Honeypot Training for Higher Learning Institutions and ISPs.
- Incident Handling Workshops for local organizations.
The cyber exercises in which MyCERT participated are as follows:
- A National Cyber Exercise
  - MyCERT co-ordinated the cyber exercises with participation from local agencies.
- ASEAN CERT Incident Drill 2008 (ACID)
  - MyCERT participated as a player in the drill organized by SingCERT.
- APCERT Cyber Exercise 2008
  - MyCERT assisted in the co-ordination of the drill with AusCERT.
MyCERT was also invited to speak at seminars and conferences in 2008. The following are some of the
international conferences in which MyCERT participated as a speaker:
- APCERT Conference, Hong Kong
- APTLD Meeting, Kuala Lumpur
- CNCERT Conference, China
- TF-CSIRT Meeting 2008, Norway
- APECTEL 38, Peru
- OIC-CERT Meeting, Tunisia
To add to the long list of 2008 achievements, MyCERT was given the privilege to host the IRC server for
APCERT. This new communication platform was introduced to encourage more discussions and
collaborations between teams. Also, a video dramatizing the sequence of events simulated in the APCERT
Cyber Exercise 2007 was produced in May 2008. The video has been extensively used to educate the public
and explain the importance of emergency readiness and regional collaboration in mitigating
security incidents. With the permission of the APCERT steering committee, the video was first released at
the World Cyber Security Summit in Kuala Lumpur.
MyCERT, via its parent organization, CyberSecurity Malaysia, signed two MoUs in 2008 with the Tunisian
CERT (CERT-TCC) and the Indonesia Security and Incident Response Team on Internet Infrastructure
(ID-SIIRTI). In addition to the MoUs, MyCERT had also become a member of the Anti-Phishing Working
Group and the Honeynet Project. MyCERT was also one of the sponsors for Sri Lanka CERT (SLCERT) to
become a member of Forum of Incident Response & Security Team (FIRST). In addition, MyCERT also
sponsored a CSIRT for a multinational organization based in Malaysia for FIRST membership.
In Malaysia, MyCERT conducted more than 21 presentations at seminars and conferences. Some of the
topics covered are malware analysis, deploying distributed honeynet, and network security trends. Other
than that, alerts, advisories and publications such as MyCERT’s quarterly report are available at MyCERT's
website, http://www.mycert.org.my/
MyCERT participated in and organized both national and international events throughout the year. On
the local scene, MyCERT had been engaged to conduct training and talks in the area of incident handling,
malware analysis, and security trends for different kinds of audience. At the international stage, MyCERT
was also invited to seminars and conferences to share insights and case studies on a variety of security
related topics.
The workshops or hands-on training conducted by MyCERT in 2008 include:
- Network Security Monitoring Training at the APCERT Conference in Hong Kong and at the Forum of
  Incident Response & Security Team (FIRST) Technical Colloquium (TC) or “FIRST-TC” in Tokyo.
- Honeypot Training for Higher Learning Institutions and ISPs.
- Incident Handling Workshops for local organizations.
The cyber exercises in which MyCERT participated are as follows:
- National Cyber Exercise
  - MyCERT coordinated the cyber exercise with participation from local agencies.
- ASEAN CERT Incident Drill 2008 (ACID)
  - MyCERT took part as a participant in the drill organized by SingCERT.
- APCERT Cyber Exercise 2008
  - MyCERT assisted in the coordination of the drill with AusCERT.
MyCERT was also invited to speak at several seminars and conferences in 2008. The following are some
of the international conferences in which MyCERT participated as a speaker:
- APCERT Conference, Hong Kong
- APTLD Meeting, Kuala Lumpur
- CNCERT Conference, China
- TF-CSIRT Meeting 2008, Norway
- APECTEL 38, Peru
- OIC-CERT Meeting, Tunisia
In addition to the many achievements of 2008, MyCERT was given the honour of hosting the IRC server for
APCERT. This new communication platform was introduced to encourage more discussion and collaboration
between teams. A video depicting the sequence of events simulated in the APCERT Cyber Exercise 2007 was
also produced in May 2008. The video is used to educate the public and explain the importance of
emergency readiness and regional collaboration in handling security incidents. With the permission of
the APCERT steering committee, the video was first shown at the World Cyber Security Summit in Kuala Lumpur.
MyCERT, through its parent organization, CyberSecurity Malaysia, signed two MoUs in 2008 with the
Tunisian CERT (CERT-TCC) and the Indonesia Security and Incident Response Team on Internet
Infrastructure (ID-SIIRTI). Besides these MoUs, MyCERT is also a member of the Anti-Phishing Working
Group and the Honeynet Project. MyCERT is also one of the sponsors of Sri Lanka CERT (SLCERT) and a
member of FIRST. In addition, MyCERT also sponsored a CSIRT for a multinational organization based in
Malaysia for membership of the Forum of Incident Response & Security Team (FIRST).
In Malaysia, MyCERT gave more than 21 presentations at seminars and conferences. The topics presented
included malware analysis, deploying distributed honeynets and network security trends. In addition,
various alerts, advisories and publications such as MyCERT's quarterly report are available on the
MyCERT website at http://www.mycert.org.my/
MyCERT participated in and organized a number of national and international events throughout the
year. Within the country, MyCERT was entrusted to conduct training and talks in areas related to
incident handling, malware analysis and security trends for different audiences. At the international
level, MyCERT was also invited to various seminars and conferences to share information and case
studies on a variety of security-related topics.
[Graph 1: 2008 Monthly Incident Statistics. X-axis: months, January to December.]
[Graph 2: Yearly Incident Statistics. X-axis: years, from 1997.]
[Legend: Harassment; Fraud; Hack Threat; Malicious Code; Denial-of-Service; Intrusion]
The year 2008 abuse statistics and incidents chart are as shown below:
Our log reported that 2123 incidents were referred to MyCERT in 2008. Generally, the security incidents
are categorized as intrusion, malicious code, fraud, harassment and spam. Abuse statistics and trends are
available on MyCERT website, where quarterly incident handling reports for year 1999 to 2008 can be
viewed at http://www.mycert.org.my/en/services/statistic/mycert/2008/main/detail/566/index.html
MyCERT Department
The 2008 abuse and incident statistics are shown in graphs 1 and 2 opposite:
Our log reported that 2123 incidents were referred to MyCERT in 2008. Generally, security incidents
are categorized as intrusion, malicious code, fraud, harassment and spam. Abuse statistics and trends
are available on the MyCERT website, where incident handling reports from 1999 to 2008 can be found at:
http://www.mycert.org.my/en/services/statistic/mycert/2008/main/detail/566/index.html
In dealing with these incidents, collaboration and coordination with various parties such as law
enforcement agencies, corporate IT departments and legal departments were also sought to resolve the
attacks.
In 2008, MyCERT received reports indicating a growing number of targeted attacks such as defacements,
online frauds and identity thefts. Fraud and intrusion related incidents made up about 78% of total
incidents handled, while incidents involving malware (in particular botnet command and control, drop
sites, and bot infection) were also significant. The majority of the fraud cases were phishing in nature.
On the other hand, spam related incidents continued to grow manifold, dynamically subverting
filters as well as employing various social engineering techniques.
1. MyCERT – Cyber 999™
CYBER EMERGENCY SERVICES
TRAINING & OUTREACH
1. Professional Training & Certification
2. Outreach and Awareness Program
CYBER SECURITY STRATEGIC RESEARCH & POLICY
1. Strategic Policy Research
2. Cyber Media Research
3. Policy Implementation Coordination
MALAYSIA COMMON CRITERIA CERTIFICATION BODY (MyCB)
SECURITY QUALITY MANAGEMENT SERVICES
1. Security Management & Best Practices
2. Security Assurance Services
   - Malaysia ICT Security Evaluation Facilities (MySEF)
   - Malaysia Vulnerability Assessment Center (MyVAC)
CYBER EMERGENCY SERVICES
1. MyCERT – Cyber 999™
2. Digital Forensics - CyberCSI™
To effectively carry out our roles in securing the cyber space, CyberSecurity Malaysia has various
offerings that can be categorized into five areas of expertise or core services, namely:
The mere existence of CyberSecurity Malaysia is an assurance to individual internet users as well as
business establishments that there is an agency overseeing the well-being of the Malaysian cyber
space. Our existence also complements the MSC Malaysia initiative, by providing assurance to
foreign ICT companies that wish to set up operations here in Cyberjaya under the MSC Malaysia
Scheme that there is an agency tasked with securing the country’s cyber space on a full time basis.
Operations Review
In dealing with these incidents, collaboration and coordination with various parties such as law
enforcement agencies, corporate IT departments and legal departments were also undertaken to resolve
the attacks.
In 2008, MyCERT received reports of an increase in targeted attacks such as defacements, online fraud
and identity theft. Fraud and intrusion related incidents made up about 78% of all incidents handled,
while the number of incidents involving malware (in particular botnet command and control, drop sites
and bot infection) was also high. The majority of fraud cases were phishing in nature. At the same
time, spam related incidents continued to surge, dynamically evading filters and using various social
engineering techniques.
1. MyCERT – Cyber 999™
CYBER EMERGENCY SERVICES
TRAINING & OUTREACH
1. Professional Training & Certification
2. Outreach and Awareness Program
CYBER SECURITY RESEARCH & POLICY
1. Strategic Policy Research
2. Cyber Media Research
3. Policy Implementation Coordination
MALAYSIA COMMON CRITERIA CERTIFICATION BODY (MyCB)
SECURITY QUALITY MANAGEMENT SERVICES
1. Security Management & Best Practices
2. Security Assurance Services
   - Malaysia ICT Security Evaluation Facilities (MySEF)
   - Malaysia Vulnerability Assessment Center (MyVAC)
CYBER EMERGENCY SERVICES
1. MyCERT – Cyber 999™
2. Digital Forensics - CyberCSI™
To carry out our role in securing cyber space, CyberSecurity Malaysia offers various services that can
be categorized into five core areas of expertise, namely:
CyberSecurity Malaysia was established to assure individual internet users as well as the business
community that there is an agency responsible for overseeing the safety of the Malaysian cyber space.
Our existence also complements the MSC Malaysia initiative, by providing assurance to foreign ICT
companies that wish to set up a base of operations in Cyberjaya under the MSC Malaysia Scheme that
there is an agency tasked with securing the country's cyber space on a full time basis.
Operations Review
CyberSecurity Malaysia is honoured
to have been awarded the
BrandLaureate - SME Chapter
Award under the ICT Corporate
Branding category.
The award was presented
by the Second Finance
Minister, Tan Sri Nor
Mohamed Yakcop, to En.
Zahri Yunos, Chief Operating
Officer of CyberSecurity Malaysia.
CyberSecurity Malaysia is proud to
be conferred with The
BrandLaureate - SMEs Chapter
Award under the Corporate
Branding, ICT category. The award
was presented by the Second
Finance Minister, Tan Sri Nor
Mohamed Yakcop to En. Zahri
Yunos, Chief Operating Officer of
CyberSecurity Malaysia.
Chief Executive Officer
CyberSecurity Malaysia
Lt Col Husin Bin Jazri (Retired)
CISSP
Moving forward - we will continue to
carry out our strategic roles in
implementing the National Cyber
Security Policy and overseeing the
e-security aspect of the nation towards
reducing vulnerability of ICT systems
and networks. However, our focus for
the coming years would be to reach out to the individuals out there – the
internet users – who blog, socialize, do business, and conduct commercial
transactions over the internet. We will intensify our programs aimed at
nurturing a culture of cyber security amongst us, ordinary people, who
desire freedom of expression in a safe and secure cyberspace.
In November 2008, we had a pleasant
surprise when the Asia Pacific
BrandLaureate - which is known as the
Grammy Awards for branding - nominated us for the SME BrandLaureate
– ICT category. CyberSecurity Malaysia
is proud to have won the Best Brand in
Internet Security Award for 2008.
A Customer Satisfaction Survey (CSS) that we conducted in September 2008
- with the objective to gauge the overall satisfaction climate with regard to
our service level and professionalism - revealed an 81% customer satisfaction
rating. This rating will be our baseline for 2009, which means we will have
to work harder to exceed this high expectation.
Our outreach and collaboration activities include speaking and participating
at the national and international front. Among others, we were invited as
speakers at the National Institute of Public Administration (INTAN), the
Judicial and Legal Training Institute (ILKAP), the Asia Pacific Computer
Emergency Response Team (APCERT). More on our achievements and
milestones is mentioned in other sections of this annual report, particularly
in the “Operations Review” section where we describe our offerings and
what has been achieved under each of our core service offerings.
Chief Executive Officer
CyberSecurity Malaysia
Lt Col Husin Bin Jazri (Retired)
CISSP
As a step forward, we will continue to play a strategic role in implementing the National Cyber
Security Policy (NCSP) and overseeing the e-security aspect of the nation towards reducing the
vulnerability of ICT systems and networks. However, our focus over the next few years
will be to reach more individuals out there – the internet users – who write
blogs, socialize, handle business matters and conduct commercial transactions over the
internet. We will intensify our programmes aimed at nurturing a culture of cyber security
among all of us, ordinary people who want freedom of expression in a healthier and
safer cyberspace.
In November 2008, we were surprised by good news when the Asia Pacific
BrandLaureate, an award akin to the Grammy Awards for brands, nominated us for the
SME BrandLaureate – ICT category. CyberSecurity Malaysia is proud to have emerged as
the winner of the Best Brand in the Internet Security category for 2008.
We conducted a Customer Satisfaction Survey (CSS) in September 2008 with
the aim of gauging the overall satisfaction climate with regard to our service level and
professionalism. The survey showed that we achieved an 81% customer satisfaction
rate. This rating will serve as the baseline for 2009, when we will work
even harder to surpass the current level of achievement.
The outreach and collaboration activities we carry out include lectures and participation
in various events at both national and international level. Among others, we were invited
as speakers at the National Institute of Public Administration (INTAN), the Judicial and Legal Training
Institute (ILKAP), the Asia Pacific Computer Emergency Response Team (APCERT). Details of our achievements and
milestones are described further in several other sections of this annual report,
particularly in the “Operations Review”, which covers our offerings and the achievements we have recorded under
each of our core service offerings.
In 2008, we also represented Malaysia as a member in the Economic
Research Institute of ASEAN and East Asia (ERIA) information security
project. The project is managed by Japan. This collaboration creates
opportunity for active participation in programs relating to cyber security and
enhances visibility and networking opportunity for CyberSecurity Malaysia.
Another important milestone is when the government appointed CyberSecurity
Malaysia in October 2008, as the sole Certification Body for the evaluation
and certification scheme based on MS ISO/IEC 15408: 2005 Information
Technology – Security Techniques – Evaluation Criteria for IT Security. This
certification body is named Malaysian Common Criteria Certification Body
(MyCB). And what does this mean to the man in the street? Through MyCC
Scheme, we can evaluate and later certify the development of ICT products
by looking at various factors. These include the development environment,
life-cycle, user guidance, as well as conducting testing and assessments.
Furthermore, CyberSecurity Malaysia is also able to review the source code
of software to test for vulnerabilities. All in all, MyCC will ensure that
Malaysian-made ICT products are secure and effective by evaluating and
then certifying the functionality, integrity, and quality of security functions
built into ICT applications or systems.
And in July 2008, I am proud to report that upon satisfying all the requirements
for Information Security Management System (ISMS), we were awarded the
ISMS ISO/IEC 27001 certification. We successfully went through a full ISMS
certification for the whole organization, using internal resources.
A notable achievement is that CyberSecurity Malaysia has been voted for the
second time as the chair of the Asia Pacific Computer Emergency Response
Team (APCERT) for the year 2008 (we were also voted to chair APCERT in
2007). This is a remarkable achievement given the fact that APCERT is an
organization comprising 21 Computer Emergency Response Teams (CERTs)
from 15 economies within the Asia Pacific region, which includes developed
countries such as Japan, South Korea and Australia.
We were officially incorporated in March 2007 with our current name
“CyberSecurity Malaysia” as a not-for-profit company limited by guarantee,
under the purview of the Ministry of Science, Technology & Innovation
(MOSTI). We can say that 2008 is only our second year of carrying out those
two strategic mandates mentioned above. Time flew too fast for us in 2008,
and I am glad to have this opportunity to stop and look back at what we have
achieved throughout the year.
In 2008, we also represented Malaysia as a member of the Economic Research Institute of ASEAN
and East Asia (ERIA) information security project. The project is managed by Japan. This collaboration
creates opportunities for active participation in various programmes relating to
cyber security and enhances visibility and networking opportunities for CyberSecurity
Malaysia.
Another important milestone was the government's appointment of CyberSecurity Malaysia in
October 2008 as the sole Certification Body for the evaluation and certification scheme based on MS ISO/
IEC 15408: 2005 Information Technology – Security Techniques – Evaluation Criteria for IT Security. This
certification body is known as the Malaysian Common Criteria Certification Body (MyCB). What does this mean
to the public? Through the MyCC Scheme, we can evaluate and then certify the development
of ICT products by looking at various factors. These include the development environment, life-cycle,
user guidance, and the conduct of testing and assessments. In addition, CyberSecurity Malaysia is also able
to review software source code to test its resistance to interference. Overall, MyCC will
ensure that Malaysian-made ICT products are secure and effective by evaluating and then
certifying the functionality, integrity and quality of the security functions built into ICT applications or systems.
I am proud to report that in July 2008, after satisfying all the requirements of the
Information Security Management System (ISMS), we were awarded the ISMS ISO/IEC
27001 certification. We also successfully completed full ISMS certification for the whole organisation.
The selection of CyberSecurity Malaysia as Chair of the Asia Pacific Computer Emergency Response Team
(APCERT) for the second time in 2008 (we were also chosen to chair APCERT in
2007) is an achievement of which we are very proud. It is especially meaningful because
APCERT is an organisation comprising 21 Computer Emergency Response Teams (CERTs)
from 15 countries in the Asia Pacific region, including developed countries such as Japan, South Korea and
Australia.
We were officially incorporated in March 2007 under our current name,
“CyberSecurity Malaysia”, as a not-for-profit company limited by guarantee,
under the purview of the Ministry of Science, Technology & Innovation (MOSTI). 2008 was only our second year
of carrying out the two strategic mandates mentioned above. Time indeed passed very quickly in
2008, and I am proud to look back on the progress achieved throughout
the year.
Lt Col Husin Bin Jazri (Retired)
Chief Executive Officer
CISSP
CyberSecurity Malaysia's
strategic goals
have been formulated in line
with the
innovation-based
economy approach, in which
technology-driven
innovation
is balanced with
market-driven
innovation.
CyberSecurity
Malaysia's strategic
goals have been
developed in line with
the innovation-led
economy approach
that strikes the
balance between
technology-driven and
market-driven
innovation.
Ten (10) years after that, we went through another transformation
from NISER into the national cyber security agency entrusted
with carrying out two very important mandates, namely (1) to assist
the government in implementing the National Cyber Security Policy (NCSP), which
was adopted by the government in 2006; and (2) to oversee
the e-security aspect of the nation.
Time passes very quickly, all the more so when the period is
an enjoyable one. Looking back at the performance
recorded in 2008 reminds me of
1997, when we began operations as a small unit under
MIMOS Berhad staffed by only five people. At that time
we were known as the Malaysian Computer Emergency Response Team
(MyCERT), and three (3) years later we took a further step
forward and became known as the National ICT Security & Emergency
Response Centre (NISER).
Message from the
Chief Executive Officer
Then, ten (10) years later, we were again transformed from NISER to become
the national cyber security agency entrusted with two very important
mandates, namely (1) to assist the government in implementing the National
Cyber Security Policy (NCSP) which was adopted by the government in
2006; and (2) to oversee the e-security aspect of the nation.
Time flies, people often say. More so, if we are having fun. Looking back at
our performance in 2008, reminds me how we started in 1997 as a tiny unit
under MIMOS Berhad with only five employees. Back then we were known
as the Malaysian Computer Emergency Response Team (MyCERT) and three
(3) years later we grew up to become the National ICT Security & Emergency
Response Centre (NISER).
Foreword by the CEO
Management Committee
Roshdi holds a Bachelor Degree in
Business Studies (Marketing) Hons from
University Technology MARA (UiTM) and
a Diploma in Agribusiness from
University Putra Malaysia (UPM).
Responsible for all corporate planning
and strategy matters, Roshdi is the
secretariat for the Management
Committee (MC) of CyberSecurity
Malaysia.
Jailany has an LL. B (Hons) from the
University of Malaya. He is an Advocate
and Solicitor of the High Court of Malaya
and also a Licensed Company Secretary.
Jailany is responsible for all Legal and
Secretarial matters of the company and in
advising the management on legal and
company secretarial matters.
Roshdi holds a Bachelor's Degree in
Business Studies (Marketing)
with Honours from Universiti
Teknologi MARA (UiTM) and a Diploma
in Agribusiness from Universiti Putra
Malaysia (UPM). Roshdi
is responsible for matters
relating to the company's corporate
strategy and planning and is
the Secretary of the Management Committee of
CyberSecurity Malaysia.
Head, Corporate Planning and
Strategy Department
Head, Legal and Secretarial
Department / Company Secretary
Jailany holds an LL. B (Hons) from the
University of Malaya. He is an
Advocate and Solicitor of the
High Court of Malaya and also
a Licensed Company
Secretary. Jailany is responsible for
all matters relating to the company's
Legal and Secretarial affairs
and advises the
management on legal
and company
secretarial matters.
Head, MyCERT Department
Head, Corporate Planning and
Strategy Department
Department/ Company Secretary
Adli holds a Master of Computer Science
in Software Engineering. As
Head of the Malaysia Computer Emergency
Response Team (MyCERT), he
leads the daily operations of
CyberSecurity Malaysia's Cyber999
incident handling service and
the development of the Cyber Early Warning System.
Adli is also involved in various global
network security initiatives such as the Forum
of Incident Response Teams (FIRST),
the Asia Pacific Computer Emergency
Response Team (APCERT),
the Anti-Phishing Working Group (APWG)
and the Honeynet Project.
Adli has a MSc. Computer Science in
Software Engineering. As the Head of the
Malaysia Computer Emergency Response
Team (MyCERT), he leads the daily
operations of CyberSecurity Malaysia’s
Cyber999 incident handling service and
the development of the Cyber Early
Warning Systems. Adli is also involved in
various global network security initiatives
such as the Forum of Incident Response
Teams (FIRST), the Asia Pacific Computer
Emergency Response Team (APCERT), the
Anti-Phishing Working Group (APWG)
and the Honeynet Project.
Head, MyCERT Department
Adli
bin Abd Wahid
Roshdi
bin Hj Ahmad
Jailany
bin Jaafar
Anwer holds a Bachelor of
Science degree in Aerospace Engineering
from Embry-Riddle Aeronautical
University, Daytona Beach, Florida.
With 20 years of extensive experience in
the Information Technology (IT) industry,
Anwer's skills cover Enterprise
Resource Planning, Supply Chain
Management, Business Process
Re-engineering, Malaysian
telecommunications regulation, wireless broadband, and
electronic commerce.
Anwer holds a Bachelor of Science
degree in Aeronautical Engineering from
Embry-Riddle Aeronautical University,
Daytona Beach, Florida. With 20 years of
extensive experience in the Information
Technology (IT) industry; Anwer’s skillsets encompass Enterprise Resource
Planning, Supply Chain Management,
Business Process Re-engineering,
Malaysian telecommunications
regulation, wireless broadband, and
electronic commerce.
Aswami is a GIAC Certified Forensics
Analyst (GCFA), and a Certified Ethical
Hacker (CEH). He holds a degree in
Electronics Engineering from University of
Liverpool, United Kingdom; and a Master
in Management from Universiti Malaya.
Aswami had managed more than 500
digital forensics investigations and
handled computer related crimes with
various law enforcement agencies/
regulatory bodies in Malaysia and ICT
system/product audit.
Aswami is a GIAC Certified
Forensics Analyst (GCFA) and
a Certified Ethical Hacker (CEH).
He holds a degree in Electronics
Engineering from the University of Liverpool,
United Kingdom, and a Master in Management
from Universiti Malaya. Aswami has
managed more than 500
digital forensics investigations and
is experienced in handling
computer-related crime cases with
various law enforcement agencies and regulatory bodies in Malaysia, as well as
ICT system / product audits.
Head, Business Development
Department
Mohamed Anwer
bin Mohamed Yusoff
Head, Digital Forensics
Department
Aswami Fadillah
bin Mohd Ariffin
Chief Executive Officer (CEO)
Lt Col Husin
bin Jazri (Retired)
Husin holds a Master of Science (with distinction) in Information Security from
Royal Holloway University of London, United Kingdom, a Master
in Business Administration from Universiti Putra Malaysia (UPM) and a
Bachelor of Science in Civil Engineering from the University of Hartford,
Connecticut, USA. Husin also holds the professional certification
Certified Information Systems Security Professional (CISSP), and he
is a member of the Board of the International Information Systems
Security Certification Consortium, Inc. (ISC)2 (since 2006), a
member of the (ISC)2 Asian Advisory Board, and also Chairman of the
Malaysian IT Security Association (2003 – 2007). Husin is also
Chairman of the Malaysian Vocational Advisory Committee – Information
and Communication Technology (ICT), Department of Skills Development,
Ministry of Human Resources; and Vice President of the Malaysian
Society for Cryptology Research (MSCR), Institute for Mathematical Research,
Universiti Putra Malaysia (UPM).
Husin holds an MSc (with distinction) in Information Security from the Royal
Holloway University of London, UK, a Master in Business Administration
from University Putra Malaysia (UPM) and a BSc in Civil Engineering from
University of Hartford, Connecticut, USA. Husin is a Certified Information
Systems Security Professional (CISSP). He is a member of the Board of the
International Information Systems Security Certification Consortium, Inc.
(ISC)2 (since 2006), a member of the (ISC)2 Asian Advisory Board, and the
Chairman of the Malaysian IT Security Association (2003 – 2007). Husin is
also the Chairman of the Malaysian Vocational Advisory Committee –
Information and Communication Technology (ICT), Department of Skills
Development, Ministry of Human Resources; and Vice President of the
Malaysian Society for Cryptology Research (MSCR), Institute for Mathematical
Research, University Putra Malaysia (UPM).
Management
Committee
Zahri holds a Master of Science
in Electrical Engineering from Universiti
Teknologi Malaysia (UTM) and a Bachelor
of Science in Computer Science
from Fairleigh Dickinson University, New
Jersey, USA. He holds the
Associate Business Continuity Professional
(ABCP) certification from the Disaster Recovery Institute
International (DRII), USA. Zahri is actively
involved in the establishment of NISER's
Panel of Experts (POE) and the
Organisation of the Islamic Conference
Computer Emergency Response Team
(OIC-CERT), which have greatly
benefited the nation.
Zahri has an MSc in Electrical
Engineering from Universiti Teknologi
Malaysia (UTM) and a BSc in Computer
Science from Fairleigh Dickinson
University, New Jersey, USA. He is a
certified Associate Business Continuity
Professional (ABCP) by the Disaster
Recovery Institute International (DRII),
USA. Zahri is actively involved in the
establishment of NISER’s Panel of Experts
(POE) and the Organisation of Islamic
Conference-Computer Emergency
Response Team (OIC-CERT), which have
benefited the nation at large.
Iskandar holds a Bachelor's Degree in
English Literature from the University of
Massachusetts, Amherst, USA,
a Diploma in Education from
Universiti Teknologi Malaysia (UTM) and
a Diploma in Investment Analysis from the Research Institute of Investment Analysis Malaysia
(RIIAM) and the Royal Melbourne Institute of
Technology (RMIT). He leads
six departments in the Chief Executive
Officer's Office Division, namely: Corporate
Planning & Strategy, Corporate Events,
Public Relations and Protocol,
Corporate Branding & Media
Relations, Human Resources, Training, and
Outreach.
Iskandar has a Bachelor Degree in English
Literature from the University of
Massachusetts, Amherst, USA, a Diploma
in Education from University Technology
Malaysia (UTM) and a Diploma in
Investment Analysis from the Research
Institute of Investment Analysis Malaysia
(RIIAM) and the Royal Melbourne
Institute of Technology (RMIT). He leads
six departments within the purview of
CEO’s office division, namely: Corporate
Planning & Strategy, Corporate Events, PR
& Protocol, Corporate Branding & Media
Relations, Human Resources, Training,
and Outreach.
Director, CEO’s Office
Chief Operating Officer (COO)
Noor Iskandar Hashim
bin Noor
Zahri
bin Yunos
Mohd Shamir is a graduate with a
Bachelor of Science in Civil Engineering
from the University of Missouri – Kansas City,
USA. He currently leads
three departments at CyberSecurity Malaysia,
namely Strategic Policy Research,
Policy Implementation Coordination, and
Cyber Media Research.
Mohd Shamir graduated from the
University of Missouri – Kansas City,
USA, with a BSc in Civil Engineering. He
is now leading three departments under
CyberSecurity Malaysia namely the
Strategic Policy Research, the Policy
Implementation Coordination, and the
Cyber Media Research.
Head, Cyber Security Research
and Policy Division
Mohd Shamir
bin Hashim
Mohd Roslan holds a Bachelor
of Science in Civil Engineering from the
University of Hartford, Connecticut,
USA, a Post Graduate Diploma
in System Analysis from Universiti Teknologi
MARA (UiTM), and a National
Occupational Safety and Health Certificate
(NIOSH). He leads four departments,
namely Finance, Physical Security and
Administration, Procurement, and the
Knowledge Resource Centre.
Mohd Roslan holds a BSc in Civil
Engineering from University of Hartford,
Connecticut, USA, a Post Graduate
Diploma in System Analysis from
University Technology MARA (UiTM),
and a Certificate in Safety and Health
from the National Institute of
Occupational Safety and Health (NIOSH).
He leads four departments namely the
Finance, the Admin and Physical
Security, the Procurement, and the
Knowledge Resource Centre.
Head, Corporate Services Division
Mohd Roslan
bin Ahmad
Internal Auditor
Abd Rouf bin
Mohammed Sayuti
Company Secretary
Jailany bin Jaafar
DIRECTOR
CHAIRMAN
Dato’ Abdul Hanan has been the Secretary General of the Ministry of Science,
Technology and Innovation, Malaysia (MOSTI) since 15 May 2006. He
holds a Bachelor's degree in Economics from the University of Malaya and a Master
in Business Administration from Syracuse University, USA, and
has attended the Advanced Management Program at Harvard University,
USA. He has served the Government of Malaysia
since 1974. In addition, he has extensive experience
in the administration of corporate bodies through his capacity as
a member of the Board of Directors of several Government-Linked Companies (GLC).
Husin is the Chief Executive
Officer of CyberSecurity Malaysia and
also one of the first Directors
since the establishment of the National ICT
Security and Emergency Response
Centre, or NISER (as it was
known before becoming CyberSecurity Malaysia).
He holds a Master of Science in
Information Security from Royal
Holloway University of London, United
Kingdom, and a Master in Business
Administration from Universiti Putra Malaysia
(UPM).
Husin is the Chief Executive Officer of
CyberSecurity Malaysia and also one of
the first Directors since the incorporation
of National ICT Security and Emergency
Response Centre or NISER (former name
of CyberSecurity Malaysia). He holds an
MSc in Information Security from the
Royal Holloway University of London,
UK and a Master in Business
Administration from Universiti Putra
Malaysia (UPM).
Lt Col Husin
bin Jazri (Retired)
Dato' Abdul Hanan
bin Alang Endut
Dato’ Abdul Hanan has been the Secretary General of the Ministry of Science,
Technology and Innovation, Malaysia (MOSTI) since 15th May 2006.
He has a degree in Economics from the University of Malaya, a Master in
Business Administration from Syracuse University, USA, and has
attended the Advanced Management Program in Harvard University,
USA. He has served the Government of Malaysia in various capacities
since 1974. His expertise, among others, is in the fields of financial
management, public administration and human resources management.
He is also a member of the Board of Directors for a number of
Government Link Corporations (GLC).
Board
Members
Md. Shah is the Under Secretary
of the Cyber and Space Security
Policy Division, National Security
Council, Prime Minister's Department. He
holds a Bachelor of Science in
Electrical Engineering from
Connecticut State University,
USA.
Md. Shah is the Under Secretary of the
Cyber and Space Security Policy Division,
National Security Council of the Prime
Minister’s Department. He has a BSc in
Electrical Engineering from the
Connecticut State University, USA.
DIRECTOR
Ir. Md. Shah Nuri
bin Md. Zain
Rubaiah is the Under Secretary of the
Infrastructure, Applications and
Technology Division, Communications Sector,
Ministry of Energy, Water and Communications.
She holds a Bachelor of
Science (Hons) in Mathematics and IT
Applications from the University of Wales Institute of
Science and Technology, United
Kingdom.
Rubaiah is the Under Secretary of the
Infrastructure, Applications and
Technology Division, Communication
Sector, Ministry of Energy, Water and
Communications. She has a BSc. (Hon)
Mathematics and IT Applications from the
University of Wales Institute of Science
and Technology, UK.
DIRECTOR
Rubaiah
Bte Hj Hashim
CHAIRMAN
CyberSecurity Malaysia
Dato’ Abdul Hanan bin Alang Endut
I am also indebted to the previous Chairman and the rest of the Board
Members for their contributions for the betterment of CyberSecurity Malaysia
in the past year. My heartfelt appreciation also goes to the Management and
the staff of CyberSecurity Malaysia for their tireless efforts and dedication
towards the success and excellence of the organisation. May CyberSecurity
Malaysia continue to flourish and prosper to become a globally recognised
National Cyber Security Reference and Specialist Centre!
On behalf of the Board, I would like to express my gratitude to the Ministry
of Science, Technology & Innovation (MOSTI), the Ministry of Finance and
other relevant government bodies which have given their support and
contributions to CyberSecurity Malaysia in 2008. I would also like to
dedicate our special thanks to our international affiliates for their continuous
commitment in assisting CyberSecurity Malaysia’s participation to develop a
secure cyberspace.
Acknowledgements
Since its inception in 2005, CyberSecurity Malaysia was entrusted to assist
the government in implementing the NCSP to ensure that our CNII are well
protected. Subsequently, action plans were drafted for a smooth flow of the
NCSP agenda. It has been quite a demanding journey throughout the year
of 2008. I am pleased to announce that CyberSecurity Malaysia has played
a vital role in coordinating the efforts to ensure the successful implementation
of the NCSP.
Driven by the ambition to have a positive development of the ICT sectors and
at the same time, to secure Malaysia’s Critical National Information
Infrastructure (CNII), the Government has undertaken a number of initiatives
to achieve these objectives. One of the initiatives is the formation of the
National Cyber Security Policy (NCSP). NCSP was developed by the Ministry
of Science, Technology & Innovation (MOSTI) to combine efforts at national
level for the enhancement of Malaysia’s CNII security. The NCSP recognizes
the critical and highly dependent nature of the nation’s information
infrastructure and aims to develop a comprehensive framework and
programmes that ensure the effectiveness of information security controls
over vital assets.
CHAIRMAN
CyberSecurity Malaysia
Dato’ Abdul Hanan bin Alang Endut
I am also deeply indebted to the
previous Chairman and all the Members
of the Board for their contributions
to improving and strengthening
CyberSecurity Malaysia over the past year.
My sincere appreciation also goes
to the entire Management and staff of
CyberSecurity Malaysia for their undivided
efforts and dedication towards the success
and excellence of this organisation. May
CyberSecurity Malaysia continue
to grow and prosper to become a
globally respected National Cyber Security
Reference and Specialist Centre.
On behalf of the Board, I would like to express our highest appreciation to the Ministry of
Science, Technology & Innovation (MOSTI), the Ministry of Finance and various other government bodies that
gave their support and contributions to CyberSecurity Malaysia in 2008. I would also like
to convey my heartfelt thanks to our partners at international level for their continuous
commitment in assisting CyberSecurity Malaysia's involvement in the effort to create a
safer cyberspace.
Acknowledgements
Since its introduction in 2005, CyberSecurity Malaysia has been entrusted to assist the government
in the successful implementation of the NCSP to ensure that our CNII is fully protected. Accordingly, various action
plans were drawn up to smooth the way for the NCSP agenda. There is no denying that
2008 was a rather difficult year, but I am pleased to announce that
CyberSecurity Malaysia has succeeded in playing an important role in coordinating efforts to ensure
the successful implementation of the NCSP.
Driven by the ambition to achieve positive development in the ICT sector and, at the same time,
to safeguard the confidentiality of the Critical National Information Infrastructure (CNII), the Government has taken several
initiatives to realise these goals. One of them is the creation of the National Cyber
Security Policy (NCSP). The NCSP, developed by the Ministry of Science, Technology & Innovation (MOSTI), aims
to combine efforts at national level to further enhance the security of Malaysia's
CNII. The NCSP recognises the importance of, and the nation's dependence on, the national information infrastructure and
aspires to develop a comprehensive framework and programmes that can ensure
the effectiveness of information security controls over the nation's vital assets.
YBhg. Dato' Abdul Hanan bin Alang Endut
Chairman / Pengerusi
The year 2008 recorded several outstanding achievements for CyberSecurity Malaysia
The year 2008 marks a number of significant achievements by CyberSecurity Malaysia
Since Malaysia began its effort to strengthen its information and
communication infrastructure, one of the main aims of which is
to lead Malaysia into becoming a developed nation, we have
witnessed encouraging progress towards achieving that
objective. At the same time, however, this effort has faced various
challenges of its own, whether positive ones such as major changes in
technology, or negative effects such as the threat of hackers from every
corner of the world, which have tested the capability of our workforce,
our level of expertise and the adequacy of our infrastructure.
Nevertheless, I am proud to report that
Malaysia has succeeded in proving its ability to handle any form of
challenge on par with developed nations.
Rapid progress in our environment created challenging circumstances that
we had to face in the past year. Nevertheless, with dedication together
with the vast experience we possess, strong skills and
well-equipped resources, CyberSecurity Malaysia succeeded in recording
an impressive performance in addressing these challenges, which
I am pleased to present in the CyberSecurity Malaysia Annual
Report for financial year 2008 below.
Chairman's Statement
Since Malaysia embarked on building its strong information and
communication infrastructure, with one of the primary aims being to spearhead
Malaysia into becoming a developed nation, we have witnessed significant
progress towards realizing this objective. Nonetheless, at the same time,
there were impending challenges; either positive ones such as rapid change
of technology or negative consequences, such as threat of hackers from any
nooks and corners of the world which had tested the ability of our workforce,
level of expertise and infrastructure adequacy. However, I am proud to
acknowledge that Malaysia had successfully proven its capability in
addressing any forms of challenges at par with developed nations.
Rapid development within our surroundings has created challenging
circumstances which we had to confront in the past year. Nevertheless, with our
dedication coupled with our vast experience, strong expertise and
well-equipped resources, CyberSecurity Malaysia had successfully recorded
impressive performance to address those challenges which I am pleased to
present in the CyberSecurity Malaysia Annual Report for financial year
ending 2008 below.
Chairman’s Statement
WE STRIVE TO BE TRUSTWORTHY
Everything we do is focused on one primary goal
– you. We are here to safeguard your needs and
interests and that of the community. In doing so,
we hope to gain your trust and confidence.
WE ARE PROACTIVE
We take the initiative to be forward thinking and
progressive when confronting problems in our
work, for we know that in our industry, there is just
no other way to do things.
WE ARE RESPONSIVE
Befitting our calling of keeping our cyberspace safe
and secure, we make sure we step up when
challenges arise, no matter the complexity, nature
of problem or who calls in.
WE ARE PASSIONATE
We take pride in our work, and our cooperation
with all clients. Working together, we truly believe
we can secure our nation’s cyber security.
WE SUPPORT EACH OTHER
Each and every single staff here plays a role in
helping you solve your problem. We share our
expertise and experience so that you enjoy the
benefits and skills of every single one of us.
Beyond the technical world we operate in, a critical
factor in our success is relationships: ties between
ourselves and our clients, and ties between everyone
at CyberSecurity Malaysia. This is what drives us
towards excellence.
Relationships
WE ARE EFFECTIVE
In order to maintain the highest level of service to
you, we strive to deliver accurate advice and
reliable service every single time.
WE SPECIALIZE
To ensure you gain maximum benefit from working
with us, we do only the best, so that you are
assured we won’t be sidetracked by issues that
might hinder our performance.
WE ARE RESOURCEFUL
We understand that one solution never fits all.
Your situation will always be specific to your own
organization, as such we are always practical and
innovative when solving a problem so that we can
deliver solutions that are personalized for you.
In delivering our services to you, we adopt values that
inform our approach and ensure our professionalism
in carrying out our work.
Service
SERVICE, QUALITY AND RELATIONSHIPS
We aim to do this through three main areas of focus:
WE ARE IMPARTIAL
No matter how big or small a problem or case
might be, we handle it impartially. We will provide
fair and unbiased support, advice and information
without discrimination or prejudice.
We strive to always reach for higher levels of quality
in service, for we understand that this is the only way
to ensure that we remain at the forefront of the
industry.
Our vision is to be a globally recognized National
Cyber Security Reference and Specialist Centre by
2020.
To make this a reality, we intend to make you, our
client, the number one consideration in everything
that we do.
Quality
Our Promise to You / Janji Kami Kepada Anda
WE ARE READY TO ACT
In keeping with our aim of making your cyberspace
safe and protected, we make sure that we are
always ready to deal with any problem, no matter
how difficult and complex, in whatever
circumstances and no matter who calls.
WE ARE PROACTIVE
We always take the initiative to be forward-thinking
and progressive when dealing with problems in the
course of our work, because we know that in this
industry this is the only accepted way of doing
things.
WE ARE INNOVATIVE
We recognise that a single solution is not
necessarily suitable for every problem. Each
organisation has its own unique problems, so we
are always practical and innovative when solving
any problem, in a way that is specific to you.
In delivering our services to you, we apply values
that inform our working methods, and we always
ensure that professionalism is applied when we
carry out that work.
Service
SERVICE, QUALITY AND RELATIONSHIPS
We intend to do this by focusing on three important
areas, namely:
To make this dream a reality, we intend to make you,
Our Client, the priority in every one of our activities.
Our vision is to be an internationally recognised
National Cyber Security Reference Centre and a
Centre of Specialist Excellence by 2020.
Client Charter / Piagam Pelanggan
WE ARE TRUSTWORTHY
All our activities are aimed at you. We are here to
safeguard the security and interests of you and the
public. In pursuing this aim, we hope that you can
place your full trust and confidence in us.
WE ARE PASSIONATE
We take pride in the work we do and the
cooperation we extend to clients. With solid joint
effort, we are confident we will be able to ensure
the security of our nation's cyberspace.
WE WORK TOGETHER
Every one of our staff plays a role in dealing with
your problem. We share skills and experience so
that you can enjoy the benefit of the expertise we
possess.
Beyond the technical world in which we operate,
one of the factors underpinning our success is the
Relationships and Ties forged between us and our
clients and among all staff of CyberSecurity
Malaysia. This is the core that drives us towards
success.
Relationships
WE ARE EFFICIENT
To ensure and maintain the best level of service for
you, we always strive to deliver information and
advice accurately and to provide reliable service at
all times.
WE ARE SPECIALISTS
We ensure that you gain maximum benefit when
dealing with us, because we are specialists in this
field, so you will not be sidetracked by issues that
could undermine our performance.
WE ARE FAIR
No matter how big or small a problem is, we will
handle it fairly. We will provide fair and equitable
support, and give advice and information without
discrimination or prejudice.
We always strive to reach a higher level in the
quality of the service we deliver, because we
understand that this is the only way to remain the
foremost in this industry.
Quality
5 To strengthen the position of Malaysia globally in cyber security.
6 To increase public awareness of our specialised cyber services.
7 To improve customer satisfaction.
8 To promote empowered work teams with positive attitude, innovative workforce
and strong teamwork.
9 To obtain adequate fund and effectively use them to meet core objectives.
1 Raising the nation's level of cyber security readiness.
2 Strengthening trust and confidence in using various products and expertise.
3 Ensuring a sufficient number of cyber security professionals.
4 Expanding nationwide awareness of cyber security.
5 Strengthening Malaysia's position on the world cyber security stage.
6 Fostering public awareness of our special cyber services.
7 Improving the level of customer satisfaction.
8 Encouraging the creation of work teams with a positive attitude, an innovative
workforce and strong team spirit.
9 Obtaining sufficient funds and using them effectively to achieve core objectives.
7 April 2006
The Government appointed CyberSecurity Malaysia as the sole Certification Body for the evaluation
and certification scheme based on MS ISO/IEC 15408: 2005 Information Technology – Security
Techniques – Evaluation Criteria for IT Security. This certification body is named Malaysian Common
Criteria Certification Body (MyCB).
The Government has appointed CyberSecurity Malaysia as the sole Certification Body for the
evaluation and certification scheme based on MS ISO/IEC 15408: 2005 Information Technology –
Security Techniques – Evaluation Criteria for IT Security. This Certification Body is known as the
Malaysian Common Criteria Certification Body (MyCB).
08 October/Oktober 2008
CyberSecurity Malaysia was certified in Information Security Management
System (ISMS), ISO/IEC 27001:2005
CyberSecurity Malaysia obtained ISO/IEC 27001:2005 certification, the
Information Security Management System (ISMS) standard.
25 July/Julai 2008
CyberSecurity Malaysia was officially launched by the Prime Minister of
Malaysia during the NITC Meeting 1/2007 at Cyberjaya.
CyberSecurity Malaysia was officially launched by the Prime
Minister of Malaysia during NITC Meeting 1/2007 at Cyberjaya.
20 August/Ogos 2007
NISER was officially renamed CyberSecurity Malaysia and registered with
the Companies Commission of Malaysia (CCM).
NISER was officially given the new name CyberSecurity Malaysia and
registered with the Companies Commission of Malaysia (SSM).
30 March/Mac 2007
As part of MIMOS Berhad’s rationalisation exercise, the Malaysian Cabinet
decided for NISER to be separated from MIMOS, and established as a
Company Limited by Guarantee, owned by the Government of Malaysia,
under the purview of MOSTI.
As part of MIMOS Berhad’s rationalisation measures,
the Malaysian Cabinet decided that NISER be separated from
MIMOS and operate as a Company Limited by Guarantee,
owned by the Government of Malaysia, under the supervision of MOSTI.
To address the growing cyber threats in critical areas, the National Information
Technology Council (NITC) Meeting 1/2006 agreed that the National Cyber
Security Policy (NCSP) be adopted, with NISER to begin the transformation process
to become the Malaysian Cyber Security Centre and given the additional mandate
to assist the government in implementing the NCSP.
To address increasingly worrying cyber threats in critical areas,
the National Information Technology Council (NITC) Meeting 1/2006 agreed that
the National Cyber Security Policy (NCSP) should be adopted, with NISER
beginning the transformation process to become the Malaysian Cyber Security Centre
and given an additional mandate to assist the government in implementing the NCSP.
How We Get Here / Langkah Kami
4 To raise national awareness in cyber security.
3 To ensure adequate number of cyber security professionals.
NISER was officiated by the then Deputy Prime Minister, YAB
Dato’ Seri Abdullah Ahmad Badawi.
NISER was officially opened by the then Deputy Prime Minister,
YAB Dato’ Seri Abdullah Ahmad Badawi.
2 To increase trust and confidence in using indigenous products and expertise.
28 September 2005
10 April 2001
1 To enhance the state of cyber security readiness of the nation.
STRATEGIC GOALS / MATLAMAT STRATEGIK
National ICT Security and Emergency Response Centre (NISER) was born when the National IT
Council (NITC) directed an agency to be formed to address ICT security issues in Malaysia.
MyCERT became a part of NISER.
The National ICT Security and Emergency Response Centre (NISER) was born when the National IT
Council (NITC) directed that an agency be formed to address ICT security issues in
Malaysia. MyCERT became a part of NISER.
24 January/Januari 1998
The Malaysian Computer Emergency Response Team (MyCERT) was established to
address computer security issues amongst Malaysian internet users.
The Malaysian Computer Emergency Response Team (MyCERT) was established to
address computer security issues among Malaysian internet users.
13 January/Januari 1997
Creating and Sustaining a Safer Cyberspace
to Promote National Sustainability, Social Well-Being and
Wealth Creation.
Guided by its vision, CyberSecurity Malaysia's mission is driven by a sense of responsibility
to protect the national interest in creating and sustaining a safer cyberspace,
where availability, integrity, authenticity, confidentiality and non-repudiation
are preserved. A safe and secure cyberspace is suitable for government, commerce
and individuals alike. All of these promote productivity, sustainability, social harmony
and well-being, as well as national wealth creation.
Our Mission: Creating and Sustaining a Safer Cyberspace
to Promote National Sustainability, Social Prosperity
and Wealth Creation.
CyberSecurity Malaysia is determined to achieve a global standing as a Cyber Security
Specialist Centre while addressing the information security needs of Malaysia. It is committed
to being the employer of choice and service provider of choice, respected within and
outside the information security industry and by the public and private sectors. CyberSecurity Malaysia
leads the development of expertise and the acquisition of the latest technologies in information
security. It ensures that its specialised services are offered at the highest level and
always exceed expectations.
Our Vision:
To be a Globally Recognised National Cyber Security
Reference and Specialist Centre by 2020.
Guided by its vision, CyberSecurity Malaysia’s mission is driven by the sense of responsibility to
protect the national interest in creating and sustaining a safer cyberspace; where information
availability, integrity, authenticity, confidentiality, and non-repudiation are preserved. A safe and
secure cyberspace is conducive for governmental, commercial and individual transaction.
Altogether, these promote productivity, national sustainability, social harmony and well-being, as
well as wealth creation.
Our Mission :
PROACTIVE: Taking prompt action to accomplish objectives; anticipate challenges
and identify solutions; taking action to achieve goals beyond what is required
IMPARTIAL: Providing judgement and advice and making decisions with high
professionalism, without bias and based on clear facts and rationale;
always avoiding any personal interest or conflict of interest
PROACTIVE: Taking prompt action to accomplish objectives; anticipating
challenges and identifying solutions; taking action to achieve goals
beyond what is required
TRUSTED: Maintaining social, ethical and organisational norms; adhering to codes
of conduct and professional ethical principles.
Our Core Values are to be a Trusted, Impartial and Proactive
Specialist Service Provider in Cyber Security.
IMPARTIAL: Provide judgement, advice and make decision with high professionalism,
unbiased and based on clear facts and rationale; devoid of any personal or conflict of
interest
Our Core Values are being a Trusted, Impartial, and Proactive
Specialist Service Provider in Cyber Security.
TRUSTED: Maintaining social, ethical, and organization norms; firmly adhering to codes
of conduct and professional ethical principles
Our Vision : To be a Globally Recognized, National Cyber Security
Reference and Specialist Centre by 2020.
CyberSecurity Malaysia aspires to achieve a global standing as the Cyber Security Specialist Centre,
whilst addressing the information security needs of Malaysia. It aims to be the employer of choice
and the service provider of choice that gains respects from within and outside the information
security industry as well as from the public and private sectors. CyberSecurity Malaysia leads in the
development of expertise and acquisition of the latest technologies in information security. It
ensures that its specialised services are of the highest standard, and continuously exceeds
expectations.
WHAT WE BELIEVE IN / KEYAKINAN KAMI
OUR DIRECTION / HALATUJU KAMI
2. To re-elect Puan Rubaiah binti Hj Hashim who retires by rotation pursuant
to Articles 49 and 51 of the Company’s Articles of Association and who,
being eligible, offers herself for re-election; (Resolution 2)
3. To re-appoint Messrs Azman, Wong & Salleh as Auditors of the Company
and to authorize the Directors to fix their remuneration; (Resolution 3)
To be valid the proxy form duly completed must be deposited at the Registered Office of the
CyberSecurity Malaysia at Level 7, Sapura@Mines, No 7, Jalan Tasik, The Mines Resort City, Seri
Kembangan 43300 Selangor Darul Ehsan, Malaysia not less than forty-eight (48) hours before the time
for holding the meeting.
The instrument appointing a proxy shall be in writing under the hand of the appointor or his attorney
duly authorised in writing or if the appointor is a body corporate, either under seal or under hand of the
officer or attorney duly authorised.
A proxy need not be a member of the CyberSecurity Malaysia PROVIDED that a member shall not be
entitled to appoint a person who is not a member as his proxy unless that person is an advocate, an
approved company auditor or a person approved by the Registrar of Companies.
NOTES:
Selangor
11 June 2009
JAILANY BIN JAAFAR (LS8843)
Company Secretary
BY ORDER OF THE BOARD
4. To approve the payment of the Directors’ accumulated monthly allowances
for the financial year ended 31 December 2008. (Resolution 4)
AS SPECIAL BUSINESS
To consider and, if thought fit, pass the following resolution:
1. To receive the Audited Financial Statements for the financial year
ended 31 December 2008 and the Reports of the Directors and
Auditors thereon. (Resolution 1)
The duly completed proxy form must be sent to the Registered Office of CyberSecurity
Malaysia at Level 7, Sapura@Mines, No. 7, Jalan Tasik, The Mines Resort City, Seri Kembangan 43300
Selangor Darul Ehsan, Malaysia not later than forty-eight (48) hours before the time for
holding the meeting.
The instrument appointing a proxy shall be in writing, signed by the appointor or his
attorney duly authorised in writing or, if the appointor is a
body corporate, either under seal or under the hand of an officer or attorney duly
authorised.
A proxy need not be a member of CyberSecurity Malaysia PROVIDED that a member
shall not be entitled to appoint a person who is not a member as his proxy unless
that person is an advocate, an approved company auditor or a
person approved by the Registrar of Companies.
NOTES:
Selangor
5 June 2009
JAILANY BIN JAAFAR (LS8843)
Company Secretary
BY ORDER OF THE BOARD
4. To approve the payment of the Directors' Accumulated Monthly Allowances for the
financial year ended 31 December 2008. (Resolution 4)
AS SPECIAL BUSINESS
To consider and, if thought fit, pass the following Ordinary Resolution:
3. To re-appoint Messrs Azman, Wong & Salleh as
Auditors of the Company and to authorise the Directors to fix
their remuneration. (Resolution 3)
2. To re-elect Puan Rubaiah binti Hj. Hashim, who retires by
rotation pursuant to Articles 49 and 51 of the Company's Articles of Association and who,
being eligible, offers herself for re-election. (Resolution 2)
AS ORDINARY BUSINESS
1. To receive the Audited Financial Statements for the financial year
ended 31 December 2008 together with the Reports of the Directors
and Auditors thereon; (Resolution 1)
NOTICE IS HEREBY GIVEN THAT the Third Annual General Meeting of CYBERSECURITY MALAYSIA
will be held in accordance with a Members' Circular Resolution pursuant to Article 20 of the Company's
Articles of Association on or before 26 June 2009 to transact the following business:
NOTICE IS HEREBY GIVEN THAT the Third Annual General Meeting of CYBERSECURITY MALAYSIA
will be held by way of Members’ Circular Resolution pursuant to Article 20 of the Company’s Articles of
Association on or before 26 June 2009 to transact the following businesses:
AS ORDINARY BUSINESS
Notice of Annual General Meeting / Notis Mesyuarat Agung Tahunan
Like a Lego construction, the smart security construct created by CyberSecurity Malaysia symbolises the best
monitoring system and security shield capable of protecting cyberspace from any
unwanted infiltration and intrusion. Its unique features and performance, evident
since its establishment, have propelled the organisation's position as a market leader.
Step into cyberspace feeling safe and at ease to make the most of the creativity,
efficiency and productivity that you can enjoy without any limits.
Safe and Confident in Cyberspace
Resembling a lego construct, CyberSecurity Malaysia’s smartly built security tool epitomises the best ever
mitigation and shield system against any uninvited encroachments and infiltrations. Its unique attributes
and performance had since its inception, contributed to the organisation’s leadership position in the game
plan. Feel safe and secured against any security challenges as you stride ahead into a virtual space of
unlimited creativity, efficiency and productivity.
For Safe and Secured Cyberspace
Cover Rationale / Rasional Muka Hadapan
Notice of the Third Annual General Meeting / Notis Mesyuarat Agung Tahunan Ketiga
Our Direction / Halatuju Kami
What We Believe In / Keyakinan Kami
Strategic Goals / Matlamat Strategik
How We Get Here / Langkah Kami
Client Charter / Piagam Pelanggan
Chairman's Statement / Penyata Pengerusi
Board Members / Ahli Lembaga Pengarah
Management Committee / Jawatankuasa Pengurusan
Foreword by the CEO / Perutusan Ketua Pegawai Eksekutif
Operations Review / Ulasan Operasi
CyberSecurity Malaysia's Corporate Citizen / Warga Korporat CyberSecurity Malaysia
Technical and Knowledge Partners / Rakan Pengetahuan dan Teknikal
ISMS Policy Statement / Penyata Dasar ISMS
Corporate Governance / Tadbir Urus Korporat
Activities Throughout 2008 / Aktiviti Sepanjang Tahun 2008
Financial Report / Laporan Kewangan
Proxy Form / Borang Proxy
CONTENTS / Kandungan