Information security plays an important role in protecting the assets of an organisation. As no single formula can guarantee 100% security, there is a need for a set of benchmarks or standards to help ensure an adequate level of security is attained, resources are used efficiently, and the best security practices are adopted.
While information security plays an important role in protecting the data and assets of an organisation, we often hear news about security incidents, such as defacement of websites, server hacking and data leakage. Organisations need to be fully aware of the need to devote more resources to the protection of information assets, and information security must become a top concern in both government and business.
To address the situation, a number of governments and organisations have set up benchmarks, standards and in some cases, legal regulations on information security to help ensure an adequate level of security is maintained, resources are used in the right way, and the best security practices are adopted.
A multifaceted approach to e-security is necessary to maintain the integrity of internet transactions, and consumer and business confidence in undertaking these transactions. User education, effective legislation and enforcement, international cooperation, and the ongoing development and implementation of technical solutions and standards will be required to address e-security problems. The ICT Authority plays a significant role to play in all these activities.
In line with the above mandate, the National Cybercrime Prevention Committee (NCPC) is a statutory Committee set up under the aegis of the ICT Authority and is chaired by the Chairperson of the Authority. The Committee is mandated under section 11 of the ICT Act 2001 to:-
- provide advice for and support the promotion of a national culture of cybersecurity to minimize cybercrimes;
- facilitate the establishment of international cooperation on cybercrimes;
- streamline roles, responsibilities, linkages, procedures and cooperative arrangements necessary for an enhanced national approach for combating cybercrimes in coordination with the law enforcement communities; and
- strengthen Government-Industry partnerships to effectively combat cybercrimes.
The NCPC has constituted four Working Groups, namely Legal, Technical and Procedural, Organisational/Capacity Building and International Co-operation.
To assess the ability to handle cybercrimes at the national level, the four Working Groups worked collectively on the guidelines below:-
- Mapping the different types of cybercrimes with provisions of the Computer Misuse & Cybercrime Act in terms of substantive criminal and procedural provisions;
- Assessing the technical and procedural measures deployed;
- Understanding the role of the different organizational structures involved in combating cybercrime;
- Identifying capacity building requirements; and
- Understanding the need for international co-operation.