MCMC targets e-Security

Protecting key information and ensuring the security of IT systems is a major concern for all organisations. However, companies still lack awareness on the need to protect their own IT turf, which makes it difficult for top management to fully address electronic security (e-security) issues. To assist organisations facing this problem, an E-Security 2003 Expo and Forum is being held from Sept 2 to 5 as part of the Malaysia ICT Week at the MIECC, Mines Resort, Kuala Lumpur, to help shed light on this key issue. The E-Security expo is a co-located event under the umbrella of this year's Asean Communications and Multimedia Expo and Forum (ACM 2003). The E-Security expo is being held under the patronage of the Malaysian Communications and Multimedia Commission (MCMC), which is spearheading the move for greater industry awareness. MCMC chairman Tan Sri Nuraizah Abdul Hamid says this is the Commission's third year of involvement in the National E-Security Seminar and the MCMC has been promoting capacity building to manage the ever-growing issue of security breaches. A study on 402 companies by the National ICT Security and Emergency Response Centre (NISER) conducted in 2002 revealed an interesting nugget of information on the state of e-security in Malaysia. While Malaysian organisations invested an average of RM343,527 each in e-security last year, the bulk of it - a total of RM204,870 - was invested in hardware and software. Only a paltry average of RM63,000 was spent on knowledge and skills development for staff, which defeats the purpose as trained personnel is needed to ensure vigilance. Nuraizah says e-security management is important but, more importantly, security solutions need people with the necessary skills and knowledge to properly manage them. "Empowering ICT personnel with skills and knowledge will complement efforts in ensuring risk management of the company's network as well," she adds. How are they addressing this issue? "As regulator and promoter of the local communications and multimedia industry, we're tasked with implementing information network security and promoting secure and safe networking - one of the 10 national policy objectives defined in the Communications and Multimedia Act 1998," Nuraizah explains. Internally, says Nuraizah, MCMC is busy strengthening its team of security experts, who are responsible for advocating best practices in the area of information network security. "We are also hosting seminars, conferences and awareness programmes to promote greater awareness in this area." One example was last year's "Information and Network Security and The Protection of Critical Infrastructure", a workshop MCMC organised for those involved in the networks business. More recently, it organised a seminar on "Network Security Management and Positive Use of the Internet" with members of the Asia-Pacific Telecommunity, a regional telecommunication organisation based in Bangkok which works on achieving sustainable growth of telecommunication and ICT services in the Asia-Pacific region. Nuraizah reveals that MCMC's future efforts involve reaching out to universities and colleges. "Students are the untapped resources of the country's future growth in information and network security. With proper guidance, training and exposure, they can help in assisting organisations and the bodies involved in managing security risks," she adds. For this year's E-Security Expo, MCMC representative Shamsul Jafni Shafie will present a paper on "An Agenda for Building Capacity on E-Security". "It will focus on the need for organisations to build capacity - training their own systems administrators to manage the IT systems, rather than spending on software," says Shamsul. "Most organisations treat security as a technology problem that can be solved by buying off-the-shelf solutions. We believe security is a management issue, of knowing what needs to be secured, as well as managing it smartly," he emphasises. Shamsul himself was previously a deputy public prosecutor at the Commercial Crime Unit of the Attorney-General's Chambers of Malaysia and had also worked in the enforcement division with the Securities Commission. This will be his third time participating in the ACM Expo. Other speakers include Adrian Tham, regional sales engineering manager for Asean at Symantec Corp, who will be speaking on "Intrusion Management: A New Approach to Intrusion Protection". Also present will be Trend Micro's Wong Joon Hoong, who will speak on "A New Way of Managing The Virus Outbreak Cycle". And how can organisations prio- ritise e-security? They can get the answers from network security consultant Dinesh Nair's talk on "E-Enabling Your Business: Making E-Security A Priority". Additionally, those concerned about spending should not miss Ng Ying Chyn, Security Consulting Manager at e-Lock Corp Sdn Bhd who will speak on "Spending Wisely on E-Security Technology: What Businesses Sho- uld Look For". For more details, contact: AMB Exhibition Sdn Bhd (03) 40454993.