Abstract: Cyber exercises used to assess the preparedness of a
community against cyber crises, technology failures and Critical
Information Infrastructure (CII) incidents. The cyber exercises also
called cyber crisis exercise or cyber drill, involved partnerships or
collaboration of public and private agencies from several sectors.
This study investigates Organisation Cyber Resilience (OCR) of
participation sectors in cyber exercise called X Maya in Malaysia.
This study used a principal based cyber resilience survey called CSuite
Executive checklist developed by World Economic Forum in
2012. To ensure suitability of the survey to investigate the OCR, the
reliability test was conducted on C-Suite Executive checklist items.
The research further investigates the differences of OCR in ten
Critical National Infrastructure Information (CNII) sectors
participated in the cyber exercise. The One Way ANOVA test result
showed a statistically significant difference of OCR among ten CNII
sectors participated in the cyber exercise.
Abstract: As the information age matures, major social
infrastructures such as communication, finance, military and energy,
have become ever more dependent on information communication
systems. And since these infrastructures are connected to the Internet,
electronic intrusions such as hacking and viruses have become a new
security threat. Especially, disturbance or neutralization of a major
social infrastructure can result in extensive material damage and social
disorder. To address this issue, many nations around the world are
researching and developing various techniques and information
security policies as a government-wide effort to protect their
infrastructures from newly emerging threats. This paper proposes an
evaluation method for information security levels of CIIP (Critical
Information Infrastructure Protection), which can enhance the security
level of critical information infrastructure by checking the current
security status and establish security measures accordingly to protect
infrastructures effectively.
Abstract: As the disfunctions of the information society and
social development progress, intrusion problems such as malicious
replies, spam mail, private information leakage, phishing, and
pharming, and side effects such as the spread of unwholesome
information and privacy invasion are becoming serious social
problems. Illegal access to information is also becoming a problem as
the exchange and sharing of information increases on the basis of the
extension of the communication network. On the other hand, as the
communication network has been constructed as an international,
global system, the legal response against invasion and cyber-attack
from abroad is facing its limit. In addition, in an environment where
the important infrastructures are managed and controlled on the basis
of the information communication network, such problems pose a
threat to national security. Countermeasures to such threats are
developed and implemented on a yearly basis to protect the major
infrastructures of information communication. As a part of such
measures, we have developed a methodology for assessing the
information protection level which can be used to establish the
quantitative object setting method required for the improvement of the
information protection level.