
7.0 Law and Acts governing engineer (6 hours)
7.1 Environmental Quality Act 1974
7.2 Law of contract
7.3 Malaysian Anti-Corruption Commission (SPRM) Act
7.4 Employment Act and Regulation
7.5 Insolvency & Bankruptcy Act
7.6 Cyber Law
EDIT BY BA 23 MARCH 2018
Introduction of Cyber Law Acts in Malaysia
• Cyber law is also known as computer law or IT law. The growing danger from crimes committed against the Internet and computers is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. The rule of law must also be enforced.
• The consequences of criminal behavior can be more far-reaching than before because they are not restricted by national boundaries. The recent spread of detrimental computer viruses all over the world has provided proof of this reality.
• Other than computer viruses, cyber crime also consists of specific crimes dealing with computers and networks, such as hacking, and the facilitation of traditional crime through the use of computers.
• Many computer crimes occur nowadays. Along with advances in the information technology world, Malaysia was also involved in the evolution of technology. The Internet has become the main medium of human relationships around the world.
• Apart from being a good intermediate system, the Internet has been abused by many users in negative ways such as identity theft, online fraud, virus attacks and hacking. Malaysia has established the Multimedia Super Corridor (MSC), which will incorporate an integrated environment with all the unique elements and attributes necessary to create the perfect climate of Multimedia in Malaysia.
• Just like other countries, Malaysia is also involved in the evolution of technology. The Internet has become a necessity for everybody in business, communication, socializing and much more. Despite it being a positive tool for users, there are some irresponsible people who use the Internet in negative ways such as online fraud, identity theft, virus attacks and hacking.
• Therefore, the Malaysian government has already taken a big step to overcome these problems by introducing a few acts of law that can be used for cyber crimes.

https://cyberlawcase.wordpress.com/2016/05/09/first-blog-post/
http://malaysiancyberwarriors.blogspot.my/2013/03/introduction-of-cyber-law-acts-in.html
A list of statutes in Malaysia regarding the Cyber law
These are a list of statutes in Malaysia regarding the Cyber law (Zulhuda, n.d.).
• Communications and Multimedia Act 1998
• Computer Crimes Act 1997
• Copyright Act (Amendment) 1997
• Digital Signature Act 1997
• Electronic Commerce Act 2006
• Electronic Government Activities Act 2007
• Payment Systems Act 2003
• Personal Data Protection Act 2010
• Telemedicine Act 1997
• Penal Code (including Chapter on terrorism & cyber-terrorism)
• Communications and Multimedia Content Code
• Communications and Multimedia Act 1998
This act is the main pillar for other cyber laws in Malaysia. It explains the roles and responsibilities of Internet Service Providers. It also states that there will be no filtering of Internet access in Malaysia. A specialized government body in Information and Communication Technology (ICT), the Communication and Multimedia Commission, was also established under this act. It has been enforced by the government since 1st April 1999 (Multimedia Development Corporation, 1996-2012).

• Computer Crimes Act 1997
The main reason for enforcing this act is to ensure that misuse of computers can be overcome. Misuse of a computer is an offence in Malaysia. This act has been enforced since 1st June 2000 (Multimedia Development Corporation, 1996-2012).

• Copyright Act (Amendment) 1997
This act is an amendment of the Copyright Act 1987. It protects copyright works from unauthorized copying and/or alteration. Since technology is always evolving, this act helps to protect copyright works in new forms. The act has been enforced since 1st April 1999 (Multimedia Development Corporation, 1996-2012).

• Digital Signature Act 1997
This act has been enforced since 1st October 1998 to help prevent on-line transaction fraud. It provides for both licensing and regulation of Certification Authorities (CA). Signer identity certification and Digital Signatures are issued by the CA. A Digital Signature has become as legally valid and enforceable as a traditional signature (National IT Council, 2012).

http://malaysiancyberwarriors.blogspot.my/2013/03/introduction-of-cyber-law-acts-in.html
• Electronic Commerce Act 2006
This act gives legal recognition to electronic messages in commercial transactions. It also provides how legal requirements can be fulfilled by using electronic messages. This act also allows the use of electronic means and other related matters to facilitate commercial transactions. It has been effective since 19th October 2006 (Multimedia Development Corporation, 1996-2012).

• Electronic Government Activities Act 2007
The Malaysian Government has enforced an act to facilitate the electronic delivery of government services to the public. It came into force on 1 January 2008 (Multimedia Development Corporation, 1996-2012).

• Payment Systems Act 2003
This act covers both operators of payment systems and issuers of designated payment instruments (DPIs). It also contains provisions to allow Bank Negara Malaysia (BNM) to effectively perform its roles. It was enforced by the government on 1st November 2003 (Bank Negara Malaysia, 2013).

• Personal Data Protection Act 2010
The Personal Data Protection Act 2010 is an act to regulate the processing of personal data in commercial transactions. However, it is not applicable to the government, whether federal or state, or to data processed outside of Malaysia. This act was said to be enforced on 1st January 2013 but it has been extended to a different date (Secure IT Solution, 2011).

http://malaysiancyberwarriors.blogspot.my/2013/03/introduction-of-cyber-law-acts-in.html
• Telemedicine Act 1997
This act is still not enforced and amendments are still being made. The act states that only registered doctors can practice telemedicine. Other healthcare providers must obtain a license to practice telemedicine. This is to avoid anything related to medical purposes being misused by doctors or patients, since the health industry has evolved to a new level (National IT Council, 2012).

• Penal Code (including Chapter on terrorism & cyber-terrorism)
It is the pillar or the main statute in Malaysia. This is because not all cyber crimes can be enforced using the cyber laws. Therefore, the Penal Code is used as a backup to charge criminals involved in cyber crimes. Examples of cases are online fraud, online gambling and online pornography. This prevents the criminals from being found not guilty (Zulhuda, 2010).

• Communications and Multimedia Content Code
The Communication and Multimedia Act 1998 is used as a guide to prepare a content code and to enforce the code according to the standards and practices in the communications and multimedia industry (Ministry of Information Communications and Culture, 2011).

http://malaysiancyberwarriors.blogspot.my/2013/03/introduction-of-cyber-law-acts-in.html
http://www.cybersecurity.my/en/about_us/our_ministry/main/detail/2609/index.html
CyberSecurity Malaysia is the national cyber security specialist
agency under the Ministry of Science, Technology and
Innovation (MOSTI).
• The Cabinet Meeting on 28 September 2005, through the Joint Cabinet Notes by the Ministry of
Finance (MOF) and Ministry of Science, Technology and Innovation (MOSTI) No. H609/2005
agreed to establish the National ICT Security and Emergency Response Centre (now known as
CyberSecurity Malaysia) as a National Body to monitor the National e-Security aspect, spin-off
from MIMOS to become a separate agency and incorporated as a Company Limited-by-
Guarantee, under the supervision of MOSTI.

The Malaysian Government gazetted the role of CyberSecurity Malaysia by Order of the Ministers
of Federal Government Vol.53, No.13, dated 22 June 2009 (revised and gazetted on 26 June 2013
[P.U. (A) 184]) by identifying CyberSecurity Malaysia as an agency that provides specialised
cybersecurity services and continuously identifies possible areas that may be detrimental to
national security and public safety.

As a specialist agency, CyberSecurity Malaysia is also required to support as well as provide
technical assistance and training services for national cyber crisis management, as stated in
Paragraph 16.1, Order No. 24 of the Dasar dan Mekanisme Pengurusan Krisis Siber Negara (Policy
and Mechanism for National Cyber Crisis Management) by the National Security Council.
What Does CyberSecurity Malaysia Do?
• In essence, the role of CyberSecurity Malaysia is to provide
specialised cyber security services contributing immensely towards a
bigger national objective in preventing or minimising disruptions to
critical information infrastructure in order to protect the public, the
economy, and government services.
• CyberSecurity Malaysia provides on-demand access to a wide variety
of resources to maintain in-house security expertise, as well as access
to advanced tools and education to assist in proactive or forensic
investigations.

• CyberSecurity Malaysia provides specialised cyber security
services, as follows:
• Cyber Security Emergency Services
• Security Quality Management Services
• InfoSecurity Professional Development and Outreach
• Cyber Security Strategic Engagement and Research
DATA RECOVERY SERVICES
• Data loss situations can occur due to several types of physical or logical damage to the media, and the extent of the damage also defines the extent of data loss. Due to the complexity of a data loss situation and the criticality of the data, there is a need for a secure and structured approach to address the data recovery needs of a customer.
• Solution: Data Recovery Service
• Through the Data Recovery Service offered by CyberSecurity Malaysia, we address your need for effective data recovery solutions based on specific cases of data loss.
• Our structured and standard approach provides an initial estimate of the potential for data recovery and the cost of this process, thus allowing the customer to select a solution that best suits their needs. With data security and confidentiality at the core of our service and based on the credibility of CyberSecurity Malaysia, you can rest assured that your data will be handled in a safe, secure and confidential manner.
• Data loss due to the following situations:
• Unable to boot
• Inaccessible drives or partitions
• Fire and water damage
• Drive damage due to power issues
• Head stack failures; clicking hard drives
• Accidental format / deletion of data
• RAID failures, failed arrays, RAID 0, RAID 1, RAID 5
DATA SANITIZATION SERVICES

• CyberSecurity Malaysia handled on average more than 100 cases of data sanitization and recovery per year in the early years of operation of the CyberSecurity Clinic.
• The current trend of accelerated technological developments in the digital devices sector is resulting in frequent hardware upgrades and software updates. At the same time, the amount of important data digitized and stored in digital devices has made data security critical to everyone.
• With the high rate of hard disk replacement and the attached risk of data recovery from replaced hard disks, there is a need for effectively sanitizing the storage devices that are being replaced.
• Solution: Data Sanitization Service
• Through the Data Sanitization Service offered by CyberSecurity Malaysia, we address your need for safe and secure deletion of data from storage devices that are to be retired, upgraded or reallocated.
• With Information Security at the core of our service and our identity as the national cyber security specialist agency, we provide an effective and trustworthy data sanitization service.
• Customer engagement at multiple steps ensures that your specific needs are met. Services provided are based on the type of the digital storage device, the state of the data and the level of data sanitization required. The levels of data sanitization include Logical Sanitization, Digital Sanitization and Analogue Sanitization.
• Key Benefits of Data Sanitization


• Ensures data security during the hardware upgrade stage by sanitizing the
storage devices that are being replaced thus mitigating the risk of data
leaks when the replaced drives are reused by other organizations.
• Ensures the use of a standard and secure process for the disposal or
replacement of digital data storage devices.
• Provides an opportunity to safely reuse and recycle the replaced or
discarded digital storage devices, thus contributing to the eco-friendly
movement.
• MyCyberSecurity Clinic is a trustworthy and credible entity for secure
data handling and sanitization.
• Key Components of Service


• Preliminary Analysis of Storage Device – to assess
the current state of the storage device and its data
and to identify customers’ needs.
• Review report and Process Walkthrough – to report
findings of the preliminary assessment and to
provide a process walkthrough to the customer to
ensure clarity and positive engagement.
• Data Sanitization Process Execution – To follow the
standard sanitization procedures based on the
current state and the customer needs.
• Post Process Verification – To execute verification
processes after the data sanitization to ensure
success of process and to maintain quality control.
What Is Cybersecurity?
• Cybersecurity is the practice of
protecting systems, networks, and
programs from digital attacks. These
attacks are usually aimed at accessing,
changing, or destroying sensitive
information; extorting money from
users; or interrupting normal business
processes.
• Implementing effective cybersecurity
measures is particularly challenging
today because there are more devices
than people, and attackers are
becoming more innovative.
https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
How does cybersecurity work?
A successful cybersecurity approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In an organization, the people, processes, and technology must all complement one another to create an effective defense from cyber attacks.

People
Users must understand and comply with basic data security principles like choosing strong passwords, being wary of attachments in email, and backing up data. Learn more about basic cybersecurity principles.

Processes
Organizations must have a framework for how they deal with both attempted and successful cyber attacks. One well-respected framework can guide you. It explains how you can identify attacks, protect systems, detect and respond to threats, and recover from successful attacks. Watch a video explanation of the NIST cybersecurity framework.

Technology
Technology is essential to giving organizations and individuals the computer security tools needed to protect themselves from cyber attacks. Three main entities must be protected: endpoint devices like computers, smart devices, and routers; networks; and the cloud. Common technology used to protect these entities include next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions.

https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
Why is cybersecurity important?
• In today’s connected world, everyone benefits from advanced
cyberdefense programs. At an individual level, a cybersecurity attack can
result in everything from identity theft, to extortion attempts, to the loss of
important data like family photos. Everyone relies on critical infrastructure
like power plants, hospitals, and financial service companies. Securing
these and other organizations is essential to keeping our society
functioning.
• Everyone also benefits from the work of cyberthreat researchers, like the
team of 250 threat researchers at Talos, who investigate new and emerging
threats and cyber attack strategies. They reveal new vulnerabilities,
educate the public on the importance of cybersecurity, and strengthen
open source tools. Their work makes the Internet safer for everyone.

https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
Types of cybersecurity threats
• Ransomware is a type of malicious software. It is designed to extort money by blocking
access to files or the computer system until the ransom is paid. Paying the ransom does
not guarantee that the files will be recovered or the system restored.
• Malware is a type of software designed to gain unauthorized access or to cause damage
to a computer.
• Social engineering is a tactic that adversaries use to trick you into revealing sensitive
information. They can solicit a monetary payment or gain access to your confidential
data. Social engineering can be combined with any of the threats listed above to make
you more likely to click on links, download malware, or trust a malicious source.
• Phishing is the practice of sending fraudulent emails that resemble emails from
reputable sources. The aim is to steal sensitive data like credit card numbers and login
information. It’s the most common type of cyber attack. You can help protect yourself
through education or a technology solution that filters malicious emails.

https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
Types of network security
• Access control - Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies. You can block noncompliant endpoint devices or give them only limited access. This process is network access control (NAC).
• Antivirus and antimalware software - "Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks. The best antimalware programs not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.
• Application security - Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close those holes.
• Behavioral analytics - To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.
https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
• Data loss prevention - Organizations must make sure that their staff does not send sensitive information outside the network. Data loss prevention, or DLP, technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.
• Email security - Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering tactics to build sophisticated phishing campaigns to deceive recipients and send them to sites serving up malware. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.
• Firewalls - Firewalls put up a barrier between your trusted internal network and untrusted outside networks, such as the Internet. They use a set of defined rules to allow or block traffic. A firewall can be hardware, software, or both. Cisco offers unified threat management (UTM) devices and threat-focused next-generation firewalls.
• Intrusion prevention systems - An intrusion prevention system (IPS) scans network traffic to actively block attacks. Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of global threat intelligence to not only block malicious activity but also track the progression of suspect files and malware across the network to prevent the spread of outbreaks and reinfection.

https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
• Mobile device security - Cybercriminals are increasingly targeting mobile devices and apps. Within the next 3 years, 90 percent of IT organizations may support corporate applications on personal mobile devices. Of course, you need to control which devices can access your network. You will also need to configure their connections to keep network traffic private.
• Network segmentation - Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. Ideally, the classifications are based on endpoint identity, not mere IP addresses. You can assign access rights based on role, location, and more so that the right level of access is given to the right people and suspicious devices are contained and remediated.
• Security information and event management - SIEM products pull together the information that your security staff needs to identify and respond to threats. These products come in various forms, including physical and virtual appliances and server software.
• VPN - A virtual private network encrypts the connection from an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.
https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
• Web security - A web security solution will control your staff’s web
use, block web-based threats, and deny access to malicious websites.
It will protect your web gateway on site or in the cloud. "Web
security" also refers to the steps you take to protect your own
website.
• Wireless security - Wireless networks are not as secure as wired ones.
Without stringent security measures, installing a wireless LAN can be
like putting Ethernet ports everywhere, including the parking lot. To
prevent an exploit from taking hold, you need products specifically
designed to protect a wireless network.

https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
Additional note
What is Cyber Law?
• Cyber Law, which may be classified as “Computer Law”, is considered
to be one of the most recently developed legal fields as a result of the
ongoing advent of computer-based technology. This type of
technology relies heavily on the Internet and online activity, and as a
result, regulations and oversight of this type of activity have been
expressed in the spectrum of Cyber Law. Cyber Law is a fairly
expansive legal field that consists of a variety of avenues and
jurisdictions, including the ethical and moral use of the Internet for
lawful and legal purposes.

https://cyber.laws.com/cyber-laws
Cyber Law and Computer Law
• Cyber Law within the scope of Computer and Cyber Law may be identified as a
form of criminal activity that is facilitated through the usage of electronic,
network, and technologically-based communication systems. These systems rely
on the Internet as a means of online communication. Cyber Law can range from
lawful Internet usage to the regulation of electronic correspondence.
• Identity Theft is the criminal act of deceptively assuming the identity of another
individual without his or her expressed consent. Those who commit identity theft
do so with the intent of committing a crime. Fraudulent and illicit obtainment of
personal information through the usage of unsecured websites can be
prosecuted through Cyber Law.
• Hacking is the unlawful entry into the computer terminal, database, or digital
record system belonging to another individual. Hacking is conducted with the
intent to commit a crime.

https://cyber.laws.com/cyber-laws
Computer Viruses
• Within the scope of Cyber Law, a computer virus is a program created to
infiltrate a computer terminal belonging to another individual with the
intent to cause damage, harm, and destruction of virtual property.
• Spyware are computer programs facilitating the unlawful collection of data,
allowing individuals the illicit access to the personal and private
information belonging to another individual.
• Phishing is a criminal act of fraud involving the illegal and unlawful attempt
to obtain restricted, unauthorized, and privileged information through
means of fraudulent and communicative requests.
• Spam is defined as a digitally-based criminal instrument, which involves the
unsolicited transmission of electronic communication with intent of committing fraud.
https://cyber.laws.com/cyber-laws
Copyright Law and Cyber Law
• Cyber Law prohibits the use of Bit Torrent technology, Peer-to-Peer
network file sharing, and any other means of the unlawful,
unauthorized transmission of digital, copyrighted media and
intellectual property.
• Cyber Law defines traditional file-sharing programs as means in which
to circulate complete digital media files through digital transmission.
• Cyber Law defines Bit Torrent and Peer-to-Peer file sharing as the
collective, segmented transmission of digital media through its
server(s).
https://cyber.laws.com/cyber-laws
Sex Crimes and Cyber Law
• Online Sex Crimes in the scope of Cyber Law are defined as the
participation or engagement in sexually-predatory or sexually-
exploitative behavior through the facilitation of the Internet, which
may include:
• The ownership, transmission, or receipt of illicit and illegal
pornography, ranging from bestiality to child pornography;
• The solicitation of minors or those below the age of consent to
participate in sexual activity. This can range from physical sex crimes
to virtual sex crimes.
https://cyber.laws.com/cyber-laws
