By Foong Cheng Leong and Joanne Wong Min Min June 23, 2024Paramount any legislative measure implemented does not inadvertently impede innovation
To regulate the cyber security service providers through licensing, and to provide for related matters. In practice, it may however be difficult to apprehend transnational cybercriminals, especially if the criminals are often based in jurisdictions with weaker laws and enforcement. The increase in extraterritorial reach may have limited impact in preventing or deterring these criminals.
The NCSC shall have all such powers as may be necessary, or in connection with, or reasonably incidental to, the performance of its functions under the Act.The Act creates a Chief Executive of the National Cyber Security Agency and he is the secretary of the NCSC. Though the duties and powers of the Chief Executive are set out in section 10, section 14 is still widely worded and this may be subject to abuse or exercised excessively or improperly.
Failure of any person to comply with sections 14 and/or 14 will be liable to a fine not exceeding RM200,000 or to imprisonment for a term not exceeding three years or to both.The Bill sets out the following list of sectors regarded as NCII sectors that are crucial to Malaysia’s cyber security:The Bill introduces two types of persons, namely, national critical information infrastructure sector lead and national critical information infrastructure entity .
. The Chief Executive may also designate a NCII Sector Lead as a NCII Entity in such manner as he may determine if the Chief Executive is satisfied that the NCII Sector Lead owns or operates a NCII. Provision of information: provide information relating to NCII owned or operated when there is a request by the NCII Sector Lead, when the NCII Entity procures or has come into possession or control of any additional computer or computer system which, in its opinion, is an NCII, or when a material change is made to the design, configuration, security or operation of the NCII.
no cyber security incident has occurred, the authorized officer shall notify the Chief Executive about such findings and the Chief Executive shall notify the NCII Entity accordingly and dismiss the matter; or Importantly, the Bill introduces a licensing framework for cyber security service providers. Cyber security service provider is defined asany cyber security service that may be prescribed by the Minister for which a licence shall be obtained
According to section 28, an applicant must not have any convictions for offences involving fraud, dishonesty, or moral turpitude. Additionally, the Chief Executive shall establish other prerequisite requirements for applying for a licence. In comparison, Singapore Cybersecurity Act 2018 also sets out the same types of service providers i.e. penetration testing and managed security operations centre monitoring.
Australia Australia Latest News, Australia Australia Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: technavemy - 🏆 6. / 68 Read more »