https://cyberlawcase.wordpress.com/2016/05/09/first-blog-post/ http://malaysiancyberwarriors.blogspot.my/2013/03/introduction-of-cyber-law-acts-in.html
A list of statutes in Malaysia regarding cyber law
This is a list of statutes in Malaysia regarding cyber law (Zulhuda, n.d.).
• Communications and Multimedia Act 1998
• Computer Crimes Act 1997
• Copyright Act (Amendment) 1997
• Digital Signature Act 1997
• Electronic Commerce Act 2006
• Electronic Government Activities Act 2007
• Payment Systems Act 2003
• Personal Data Protection Act 2010
• Telemedicine Act 1997
• Penal Code (including Chapter on terrorism & cyber-terrorism)
• Communications and Multimedia Content Code
• Communications and Multimedia Act 1998
This act is the main pillar for the other cyber laws in Malaysia. It explains
the roles and responsibilities of Internet Service Providers. It also states
that there will be no filtering of Internet access in Malaysia. A specialized
government body for Information and Communication Technology (ICT), the
Communications and Multimedia Commission, was also established under this
act. It has been enforced by the government since 1st April 1999 (Multimedia
Development Corporation, 1996-2012).
• Computer Crimes Act 1997
The main reason for enforcing this act is to ensure that misuse of computers
can be overcome. Misuse of a computer is an offence in Malaysia. This act
was enforced on 1st June 2000 (Multimedia Development Corporation,
1996-2012).
• Copyright Act (Amendment) 1997
This act is an amendment to the Copyright Act 1987. It protects copyright
works from unauthorized copying and/or alteration. Since technology is always
evolving, this act helps to protect copyright works in new forms. The act was
enforced on 1st April 1999 (Multimedia Development Corporation, 1996-2012).
• Digital Signature Act 1997
This act was enforced on 1st October 1998 to help prevent online transaction
fraud. It provides for both licensing and regulation of Certification
Authorities (CA). Signer identity certification and digital signatures are
issued by a CA. A digital signature is legally valid and enforceable like a
traditional signature (National IT Council, 2012).
• Electronic Commerce Act 2006
This act gives legal recognition to electronic messages in commercial
transactions. It also provides how legal requirements can be fulfilled by
using electronic messages. The act also allows the use of electronic means
and other related matters to facilitate commercial transactions. It has been
effective since 19th October 2006 (Multimedia Development Corporation,
1996-2012).
• Electronic Government Activities Act 2007
The Malaysian Government enforced this act to facilitate the electronic
delivery of government services to the public. It came into force on
1 January 2008 (Multimedia Development Corporation, 1996-2012).
• Payment Systems Act 2003
This act covers both operators of payment systems and issuers of designated
payment instruments (DPIs). It also contains provisions to allow Bank Negara
Malaysia (BNM) to perform its roles effectively. It was enforced by the
government on 1st November 2003 (Bank Negara Malaysia, 2013).
• Personal Data Protection Act 2010
The Personal Data Protection Act 2010 is an act to regulate the processing of
personal data in commercial transactions. However, it does not apply to the
federal or state governments, or to data processed outside Malaysia. This act
was said to be enforced on 1st January 2013, but enforcement has been
extended to a different date (Secure IT Solution, 2011).
• Telemedicine Act 1997
This act is not yet enforced and amendments are still being made. The act
states that only registered doctors can practice telemedicine. Other
healthcare providers must obtain a license to practice telemedicine. This is
to prevent anything related to medical purposes from being misused by doctors
or patients, since the health industry has evolved to a new level (National
IT Council, 2012).
• Penal Code (including Chapter on terrorism & cyber-terrorism)
It is the pillar, or the main statute, in Malaysia. This is because not all
cyber crimes can be enforced using the cyber laws. Therefore, the Penal Code
is used as a backup to charge criminals involved in cyber crimes. Examples of
such cases are online fraud, online gambling and online pornography. This
prevents the criminals from being found not guilty (Zulhuda, 2010).
• Communications and Multimedia Content Code
The Communications and Multimedia Act 1998 is used as a guide to prepare a
content code and to enforce the code according to the standards and practices
in the communications and multimedia industry (Ministry of Information
Communications and Culture, 2011).
http://www.cybersecurity.my/en/about_us/our_ministry/main/detail/2609/index.html
CyberSecurity Malaysia is the national cyber security specialist
agency under the Ministry of Science, Technology and
Innovation (MOSTI).
• The Cabinet Meeting on 28 September 2005, through the Joint Cabinet Notes by the Ministry of
Finance (MOF) and Ministry of Science, Technology and Innovation (MOSTI) No. H609/2005
agreed to establish the National ICT Security and Emergency Response Centre (now known as
CyberSecurity Malaysia) as a National Body to monitor the National e-Security aspect, spin-off
from MIMOS to become a separate agency and incorporated as a Company Limited-by-
Guarantee, under the supervision of MOSTI.
• The Malaysian Government gazetted the role of CyberSecurity Malaysia by Order of the Ministers
of Federal Government Vol.53, No.13, dated 22 June 2009 (revised and gazetted on 26 June 2013
[P.U. (A) 184]) by identifying CyberSecurity Malaysia as an agency that provides specialised
cybersecurity services and continuously identifies possible areas that may be detrimental to
national security and public safety.
• As a specialist agency, CyberSecurity Malaysia is also required to support as well as provide
technical assistance and training services for national cyber crisis management, as stated in
Paragraph 16.1, Order No. 24 of the Dasar dan Mekanisme Pengurusan Krisis Siber Negara (Policy
and Mechanism for National Cyber Crisis Management) by the National Security Council.
What Does CyberSecurity Malaysia Do?
• In essence, the role of CyberSecurity Malaysia is to provide
specialised cyber security services contributing immensely towards a
bigger national objective in preventing or minimising disruptions to
critical information infrastructure in order to protect the public, the
economy, and government services.
• CyberSecurity Malaysia provides on-demand access to a wide variety
of resources to maintain in-house security expertise, as well as access
to advanced tools and education to assist in proactive or forensic
investigations.
https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
Why is cybersecurity important?
• In today’s connected world, everyone benefits from advanced
cyberdefense programs. At an individual level, a cybersecurity attack can
result in everything from identity theft, to extortion attempts, to the loss of
important data like family photos. Everyone relies on critical infrastructure
like power plants, hospitals, and financial service companies. Securing
these and other organizations is essential to keeping our society
functioning.
• Everyone also benefits from the work of cyberthreat researchers, like the
team of 250 threat researchers at Talos, who investigate new and emerging
threats and cyber attack strategies. They reveal new vulnerabilities,
educate the public on the importance of cybersecurity, and strengthen
open source tools. Their work makes the Internet safer for everyone.
Types of cybersecurity threats
• Ransomware is a type of malicious software. It is designed to extort money by blocking
access to files or the computer system until the ransom is paid. Paying the ransom does
not guarantee that the files will be recovered or the system restored.
• Malware is a type of software designed to gain unauthorized access or to cause damage
to a computer.
• Social engineering is a tactic that adversaries use to trick you into revealing sensitive
information. They can solicit a monetary payment or gain access to your confidential
data. Social engineering can be combined with any of the threats listed above to make
you more likely to click on links, download malware, or trust a malicious source.
• Phishing is the practice of sending fraudulent emails that resemble emails from
reputable sources. The aim is to steal sensitive data like credit card numbers and login
information. It’s the most common type of cyber attack. You can help protect yourself
through education or a technology solution that filters malicious emails.
Types of network security
• Access control - Not every user should have access to your network. To keep
out potential attackers, you need to recognize each user and each device.
Then you can enforce your security policies. You can block noncompliant
endpoint devices or give them only limited access. This process is network
access control (NAC).
• Antivirus and antimalware software - "Malware," short for "malicious
software," includes viruses, worms, Trojans, ransomware, and spyware.
Sometimes malware will infect a network but lie dormant for days or even
weeks. The best antimalware programs not only scan for malware upon entry,
but also continuously track files afterward to find anomalies, remove
malware, and fix damage.
• Application security - Any software you use to run your business needs to be
protected, whether your IT staff builds it or whether you buy it.
Unfortunately, any application may contain holes, or vulnerabilities, that
attackers can use to infiltrate your network. Application security
encompasses the hardware, software, and processes you use to close those
holes.
• Behavioral analytics - To detect abnormal network behavior, you must know
what normal behavior looks like. Behavioral analytics tools automatically
discern activities that deviate from the norm. Your security team can then
better identify indicators of compromise that pose a potential problem and
quickly remediate threats.
https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
• Data loss prevention - Organizations must make sure that their staff does
not send sensitive information outside the network. Data loss prevention, or
DLP, technologies can stop people from uploading, forwarding, or even
printing critical information in an unsafe manner.
• Email security - Email gateways are the number one threat vector for a
security breach. Attackers use personal information and social engineering
tactics to build sophisticated phishing campaigns to deceive recipients and
send them to sites serving up malware. An email security application blocks
incoming attacks and controls outbound messages to prevent the loss of
sensitive data.
• Firewalls - Firewalls put up a barrier between your trusted internal network
and untrusted outside networks, such as the Internet. They use a set of
defined rules to allow or block traffic. A firewall can be hardware,
software, or both. Cisco offers unified threat management (UTM) devices and
threat-focused next-generation firewalls.
• Intrusion prevention systems - An intrusion prevention system (IPS) scans
network traffic to actively block attacks. Cisco Next-Generation IPS (NGIPS)
appliances do this by correlating huge amounts of global threat intelligence
to not only block malicious activity but also track the progression of
suspect files and malware across the network to prevent the spread of
outbreaks and reinfection.
• Mobile device security - Cybercriminals are increasingly targeting mobile
devices and apps. Within the next 3 years, 90 percent of IT organizations may
support corporate applications on personal mobile devices. Of course, you
need to control which devices can access your network. You will also need to
configure their connections to keep network traffic private.
• Network segmentation - Software-defined segmentation puts network traffic
into different classifications and makes enforcing security policies easier.
Ideally, the classifications are based on endpoint identity, not mere IP
addresses. You can assign access rights based on role, location, and more so
that the right level of access is given to the right people and suspicious
devices are contained and remediated.
• Security information and event management - SIEM products pull together the
information that your security staff needs to identify and respond to
threats. These products come in various forms, including physical and virtual
appliances and server software.
• VPN - A virtual private network encrypts the connection from an endpoint to
a network, often over the Internet. Typically, a remote-access VPN uses IPsec
or Secure Sockets Layer to authenticate the communication between device and
network.
• Web security - A web security solution will control your staff’s web
use, block web-based threats, and deny access to malicious websites.
It will protect your web gateway on site or in the cloud. "Web
security" also refers to the steps you take to protect your own
website.
• Wireless security - Wireless networks are not as secure as wired ones.
Without stringent security measures, installing a wireless LAN can be
like putting Ethernet ports everywhere, including the parking lot. To
prevent an exploit from taking hold, you need products specifically
designed to protect a wireless network.
Additional note
What is Cyber Law?
• Cyber Law, which may be classified as “Computer Law”, is considered
to be one of the most recently developed legal fields as a result of the
ongoing advent of computer-based technology. This type of
technology relies heavily on the Internet and online activity, and as a
result, regulations and oversight of this type of activity have been
expressed in the spectrum of Cyber Law. Cyber Law is a fairly
expansive legal field that consists of a variety of avenues and
jurisdictions, including the ethical and moral use of the Internet for
lawful and legal purposes.
https://cyber.laws.com/cyber-laws
Cyber Law and Computer Law
• Cyber Law within the scope of Computer and Cyber Law may be identified as a
form of criminal activity that is facilitated through the usage of electronic,
network, and technologically-based communication systems. These systems rely
on the Internet as a means of online communication. Cyber Law can range from
lawful Internet usage to the regulation of electronic correspondence.
• Identity Theft is the criminal act of deceptively assuming the identity of another
individual without his or her expressed consent. Those who commit identity theft
do so with the intent of committing a crime. Fraudulent and illicit obtainment of
personal information through the usage of unsecured websites can be
prosecuted through Cyber Law.
• Hacking is the unlawful entry into the computer terminal, database, or digital
record system belonging to another individual. Hacking is conducted with the
intent to commit a crime.
Computer Viruses
• Within the scope of Cyber Law, a computer virus is a program created to
infiltrate a computer terminal belonging to another individual with the
intent to cause damage, harm, and destruction of virtual property.
• Spyware are computer programs facilitating the unlawful collection of data,
allowing individuals the illicit access to the personal and private
information belonging to another individual.
• Phishing is a criminal act of fraud involving the illegal and unlawful attempt
to obtain restricted, unauthorized, and privileged information through
means of fraudulent and communicative requests. Spam is defined as a
digitally-based criminal instrument, which involves the unsolicited
transmission of electronic communication with intent of committing fraud.
Copyright Law and Cyber Law
• Cyber Law prohibits the use of Bit Torrent technology, Peer-to-Peer
network file sharing, and any other means of the unlawful,
unauthorized transmission of digital, copyrighted media and
intellectual property.
• Cyber Law defines traditional file-sharing programs as means in which
to circulate complete digital media files through digital transmission.
• Cyber Law defines Bit Torrent and Peer-to-Peer file sharing as the
collective, segmented transmission of digital media through its
server(s).
Sex Crimes and Cyber Law
• Online Sex Crimes in the scope of Cyber Law are defined as the
participation or engagement in sexually-predatory or sexually-
exploitative behavior through the facilitation of the Internet, which
may include:
• The ownership, transmission, or receipt of illicit and illegal
pornography, ranging from bestiality to child pornography;
• The solicitation of minors or those below the age of consent to
participate in sexual activity. This can range from physical sex crimes
to virtual sex crimes.