PAHANG CERT ESTABLISHMENT BACKGROUND
1. Pahang CERT Establishment Background
1.1 The Government issued Circular No. 1 Year 2001: Information and Communication Technology (ICT) Security Incident Reporting Mechanism, which came into force on 4 April 2001 to deal with incidents of cyber attacks. The ICT security incident management mechanism is centralised where public sector agencies experiencing incidents must report the incident to MAMPU GCERT. Given cyber attacks can cause security implications of ICT assets and government information, efforts to tackle cyber attacks on public sector ICT infrastructure must be addressed with intelligent ICT systems to ensure proper operation without hindrance.
1.2 General Circular Letter No. 4 Year 2006 : Guidelines for Public Sector ICT Security Incident Handling Management, also underlined the need to manage the operation of public sector ICT security incidents in every public sector agencies through the establishment of the CERT Agency promptly and systematically in order to reduce security incidents in public sector agencies, minimising the impact and curbing the spreading to other agencies.
1.3 Scope of control for Pahang CERT includes Pahang State Secretariat and Agencies within its purview. The briefing by MAMPU was held on 2 April 2010, chaired by SUB (TM) through the Pahang State GCERT Implementation Talks..
1.4 The Pahang Computer Emergency Response Team (CERT) was established on 16 June 2010.
1.5 The Pahang COMPUTER EMERGENCY RESPONSE TEAM (CERT) is responsible in managing the handling of ICT security incidents at the Pahang State Secretary Office, State Statutory Bodies, Local Authorities, Departments and agencies within its purview.
Pahang CERT team establishment objectives:
3. Establishment Of Pahang Cert
3.1 There are three (3) CERT agency structure models proposed by MAMPU:
Through this model, an incident handling team is established and is responsible for the management of the incidents at the agencies or divisions within its purview. Model 1 is applied for the ministry, state level administration, higher education institutions and statutory bodies.
Through model 2, several incident management teams are established at the department or agency level. The teams are then coordinated at the CERT centre established at the ministerial level.