CONCLUSION

Information security issue is a multifaceted problem faced by all organizations in all

sectors. A comprehensive solution will normally include physical, procedural and logical forms
of protection. This necessitates the appropriate training and awareness within the organization to
foster a security culture, particularly within small organizations of less than 100 employees
where resources may be limited (Furnell et al., 2002). Organizations may recognize information
security as an issue but it is often found that they do not have a full understanding of what they
should be doing or how to go about it. Small organizations face the same security challenges as
larger companies but there is a significant difference that exists depending upon the size of the
organization involved. The most recent National Computer Center survey suggests that a
disparity continues to exist on the basis of organizational size and states that smaller
organizations place limited value on information and its security (Smith and Rupp, 2002).

Therefore, the limitations of each security technology combined with attacks growth
impact the efficiency of information security management and increase the activities to be
performed by network administrators. Specific issues include data collection, data reduction, data
normalization, event correlation, behavior classification, reporting and response.

Cyber security plans call for more specific requirements for computer and network
security as well as emphasis on the availability of commercial automated auditing and reporting
mechanisms and promotion of products for security assessments and threat management
(Hwang, Tzeng & Tsai, 2003; Chan, 2003; Leighton, 2004). Recent initiatives to secure
cyberspace are based on the introduction of cyber-security priorities that call for the
establishment of information sharing and analysis centers. Sharing information via Web services
brings benefits as well as risks (Dornan, 2003). Security must be considered at all points and for
each user. End-to-end security is a horizontal process built on top of multiple network layers that
may have security or no security. Security is a process based on interdisciplinary techniques
(Mena, 2004; Maiwald, 2004).

Information security is of paramount importance to all colleges and universities, and with
our connected world, this would not change anytime soon. We encourage institutions to continue
the tradition of openly collaborating and sharing ideas to help move our community forward in
the information security space. IT security specialists and engineers with sophisticated skills are
needed to prevent and defend against sophisticated cyber attack. Cyber Security threats are real,
this underscores the strategic role of Cyber Security Malaysia in driving the Malaysian economy
to greater growth and progress by ensuring the infrastructure and digital assets are protected and
safeguarded against cyber security threats. A secure and resilient cyberspace is important not
only to ensure the continuous growth of the countrys economy but also its competitive
advantage in the global economy.

To play its role in creating a safe and secure cyberspace, Cyber Security Malaysia
provides specialized cyber security services including Cyber Security Emergency Services,
Security Quality Management Services, Info Security Professional Development and Outreach
and Cyber Security Strategic Engagement and Research.

Through the above services, Cyber Security Malaysia, among others, provides 24x7
computer security incident response services (MyCERT) to all Internet users, assists in cyber
forensics and analysis (DF), provides impartial assessment and certification based on the
foremost international standard for ICT security function (ISCB & SA), promotes awareness of
online safety and security issues among Malaysians (CyberSAFE) and conducts programmes for
cyber security professionals development (CSPD).

Besides providing services to enable the conducive growth of the economy, cyber
security industry is also fast emerging as a new engine of growth for Malaysia. In this regard,
Cyber Security Malaysia plays a vital role in developing a vibrant cyber security industry by
offering global solutions as well as ICT certification, assurance and evaluation services which
are at par with international standards.

Cyber Security Malaysia Awards, Conference & Exhibition (CSM-ACE) event is held
annually to provide a one-stop and conducive platform for business matching as well as trade
and investment opportunities. Through the conferment of Malaysia Cyber Security Awards
during such event, it will spur innovation, commitment, and foster strategic alliances within the
local security and ICT industry. This will help to bolster projects under the Digital Malaysia
initiative which is targeting an increase in Gross National Index (GNI) contribution of digital
technologies to 17% of Gross Domestic Product (GDP) and creating 160,000 high value jobs by
the year 2020.

Hackers will always be out there, adapting to the newest, most complex technology and
software. To prevent data breaches, we need to start at the root of the problem. Invest in security
and your IT team and emphasize the importance of education. We are going to need as many
talented professionals as we can get.

Computer security is a vast topic that is becoming more important because the world is
becoming highly interconnected, with networks being used to carry out critical transactions. The
environment in which machines must survive has changed radically since the popularization of
the Internet. Deciding to connect a local area network (LAN) to the Internet is a security-critical
decision. The root of most security problems is software that fails in unexpected ways. Although
software security as a field has much maturing to do, it has much to offer to those practitioners
interested in striking at the heart of security problems. The goal of this book is to familiarize you
with the current best practices for keeping security flaws out of your software.

Good software security practices can help ensure that software behaves properly. Safety-
critical and high-assurance system designers have always taken great pains to analyze and to
track software behavior. Security-critical system designers must follow suit. We can avoid the
Band-Aid-like penetrate-and-patch approach to security only by considering security as a crucial
system property.

Security event management solutions are needed to integrate threat data from various
security and network products to discard false alarms, correlate events from multiple sources and
identify significant events to reduce unmanaged risks and improve operational security
efficiency. There is a need for increased use of automated tools to predict the occurrence of
security attacks. Auditing and intelligent reporting mechanisms must support security assessment
and threat management at a larger scale and in correlation with the past, current and future
events.
 Security should be considered a balance between protection and availability. The level of
security must allow reasonable access, yet protect against threats to achieve balance. Information
security must be managed in a manner similar to any other major system implemented in the
organization. Organizations must have secure infrastructure services based on the size and scope
of the enterprise and an additional security services may have to be provided. The organization
like Cyber Security Malaysia involvement in the annual e-commerce conference is to educate
consumer and retailer about cyber security issues and how they can avoid cyber security
incidents such as scam or fraud in the e-commerce field. Through Cyber Security Malaysia
service, My Trust SEAL, consumer can be assured to do their e-commerce transaction and trust
the retailer who has adopted e-commerce good practice based on certification issued by Cyber
Security Malaysia. As a member of World Trustmark Alliance, Cyber Security Malaysia is
capable and authorized to validate retailer websites and businesses according to the international
standard, requirement as well as national regulation.

In essence, the role of Cyber Security Malaysia is to provide specialized cyber security
services to ensure the security and safety of our cyber space. It is part of our contribution towards
supporting Malaysia in becoming a digital nation and high-income nation driven by the digital
economy. Their focus as reflected in the National Cyber Security Policy (NCSP) is on the
protection of the Critical National Information Infrastructure (CNII), where governments,
businesses and citizens are highly-reliant on to enable the nation to function and acquire critical
services.

Therefore, information security is important to against the issues related to computer.

Information security performs four important functions for an organization including protects the
organizations ability to function, enables the safe operation of applications implemented on the
organizations IT systems, protects the data the organization collects and uses and safeguards the
technology assets in use at the organization.