The conference focused on strengthening awareness and understanding of cybersecurity auditing, compliance and risk management, and provided international perspectives on cyber resilience, governance and critical infrastructure protection. The conference was declared open by Ir. Dr. Megat Zuhairy Megat Tajuddin, the Chief Executive of the National Cyber Security Agency (NACSA) of Malaysia, and Dr. Insa Ewert, Deputy Head of Mission of the European Union to Malaysia. In their opening remarks, both stressed the value of collaboration between the European Union and Malaysia in building bi-regional cyber resilience and forging a trusted partnership.
Navigating Cyber Security Audit and Compliance
The first session, by Norhayati binti Ahmad Mansor, the Director of NACSA’s Cyber Security Legal Division, provided participants with an overview of the Cyber Security Act 2024 (Act 854), its key provisions, instructional framework and compliance requirements. Building on this, the next session, by Ts. Dr. Nurul Aisyah Sim binti Abdullah, the Director of NACSA’s Audit and Compliance Department, explained how cybersecurity audit and compliance under the Act help to strengthen the readiness, security and resilience of NCII sectors, and highlighted the role of sector leads in supporting, coordinating and guiding those sectors. The session also covered key audit processes, reporting expectations and actions that support the development of a more secure NCII nation.
Muhammad Dawud Wimon from KPMG Malaysia offered industry insights on navigating cybersecurity audit and compliance obligations. He highlighted the key challenges organisations face in preparing for audits and maintaining documentation, and the importance of embedding compliance into daily operations.
The European Perspective and Experience
The second half of the opening conference focused on sharing practical experiences from the European Union. EU CyberNet’s Deputy Director Cormac Callanan chaired a panel of three EU experts that provided a high-level overview of European approaches and practices in cyber auditing, and explained the purpose of audits, the importance of supervision and the need for collaborative engagement in strengthening cybersecurity and promoting continuous improvement across critical sectors. The session also introduced different audit perspectives and types, including government and industry approaches and supply chain audits, as well as the importance of auditor independence and the role of certification in demonstrating compliance and resilience.
Ilmar Toom, Head of Supervision at the Estonian Information System Authority and an EU CyberNet expert, explained to participants the importance and possibilities of auditing and risk management based on Estonia’s model, including the Estonian Information Security Standard.
EU CyberNet expert Nick Small introduced the importance of maturity assessment for the successful auditing of NCII cybersecurity operations in CSIRTs, CERTs and SOCs. This was followed by a discussion on handling and reporting cyber incidents in critical infrastructure, led by EU CyberNet expert and CEO of Cybershield, Christian Schlehuber.
Following the opening conference, the second and third days of the programme will transition into a closed technical workshop dedicated exclusively to NACSA officers.