KUALA LUMPUR, Dec 6 — In an effort to prevent data leak and protect data security, CyberSecurity Malaysia (CSM) has issued recommendations for the use of technological equipment, devices, and software applications, the Dewan Negara sitting was told today.
Deputy Communications and Digital Minister Teo Nie Ching said the recommendations include the need for a vulnerability assessment and penetration test, which is the process of identifying vulnerabilities in computer systems, applications, and devices.
“In addition, certification for devices, applications, and systems such as Malaysia Common Criteria (the Malaysian Common Criteria Evaluation and Certification) and Technology Security Assurance is required because it is an important process for assessing and certifying the security functions of Information and Communication Technology (ICT) products based on criteria or standards that have been set.
“At the same time, the Security Posture Assessment should be performed on a regular basis to identify vulnerabilities of existing ecosystems, devices, applications, and systems that will be developed,” she said during the question and answer session.
She said this in reply to Senator Datuk Seri Ti Lian Ker’s question regarding the guidelines on the use of technical equipment, devices, and software applications from foreign countries in government buildings and premises to protect national data privacy.
According to Teo, the existing government policies do not prohibit the use of technological equipment, devices, or software applications from specific nations by government agencies or in government buildings and facilities.
She said that data security and government information confidentiality are subject to the Security Directive, the Information and Communication Technology (ICT) security circular, and the guidelines of the Office of the Chief Government Security Officer and the National Cyber Security Agency of the Prime Minister’s Department.
“These directives, circulars, and guidelines are currently in place across government agencies to protect essential national data and prevent its unauthorised dissemination and leakage.
“In this regard, the ministry, through the Malaysian Communications and Multimedia Commission and CSM, also plays a role in providing assistance from a technical point of view, such as digital forensics, to ensure data security and information confidentiality,” she said.
