Towards a secure and sustainable Critical Information Infrastructure (CII) – Policy & Legal Frameworks

By: Sonny Zulhuda

Above is the title of my paper that has been approved for presentation at the International Symposium on Social Management Systems (SSMS 2010) to be held in March this year in Kochi, Japan. The abstract reads as follows:

The increasing reliance of critical infrastructures (such as those operating the national communications, energy, transport, and defence systems) on a computerized and networked environment imposes an enormous security task on both their operators and users. The fact that an attack on critical infrastructure is not merely an ordinary criminal matter but rather an issue of national security makes it more urgent for policy-makers to come up with policies or laws addressing various issues ranging from information sharing to public-private cooperation, from technical solutions to security procedures, and from public awareness to law enforcement.

Looking at the scope it covers and the role it plays, the law on critical information infrastructures is critical not only because it is part of national security measures, but also because the law may well determine the level of national readiness for landing global investment. This is true because major business processes are now dependent on secure information technology tools and networks. The biggest task ahead for policy-makers is therefore to prepare the best legal framework to protect the country’s critical information infrastructure and, at least, to manage and minimise the security risks that surround a networked environment.

This paper hypothesizes that security risk management of the critical information infrastructure cannot be effectively sustained without a comprehensive framework that consists of, among others, good policies and a legal framework. In Malaysia, the legal framework on CII can be found in several pieces of legislation. This paper seeks to discuss the role of the law, especially on the restriction of access to and movement within the perimeters of CII, as well as the law on computer and network security.

KEYWORDS: critical information infrastructure, legal framework

Legal and Industrial Frameworks on Data Management

By: Sonny Zulhuda

In the closing week of the year 2009, I’ll present my paper entitled ‘Corroborative Intersection between Information Security Standards and the Legal Framework on Data Management’ at the Second International Conference on Computer and Electrical Engineering (ICCEE 2009), 28-30 December 2009, Dubai, United Arab Emirates. The conference is organized by IEEE and IACSIT, both renowned international associations for electronic, computer and IT industry professionals. Having gone through review and recommendations, over 200 papers will be presented at the two-day parallel sessions, discussing various aspects of the computer and electronic industries. My paper talks about legal and industrial frameworks. I am looking forward to meeting the participants in person and having some networking sessions.

Here is the abstract:

This paper examines the intersection between industrial standards and the legal framework in defining the scope of information security obligations in relation to the management of data and information assets. It undertakes two primary tasks, namely assessing the scope of legal compliance as stated in the internationally accepted information security standards, in particular the Information Security Management Standards (ISMS); and identifying the legal trends adopted by laws in major jurisdictions, especially the UK and the US. It finds that the intersection between the standards and the law is crucial and corroborative; one is found to complement the other.

Some more snapshots and briefs will come soon.

Personal Data Protection (PDP) Bill 2009

By: Sonny Zulhuda

This November 2009 is marked by the tabling of a long-awaited law in the Parliament of Malaysia: the Personal Data Protection (PDP) Bill 2009. The complete draft can be obtained from the Parliament’s website. Professor Abu Bakar Munir from the University of Malaya has shared with us his views in an overview of the law. My further comments will also follow in due course.

This is good news for the Malaysian public. The days filled with series of unsolicited calls and mails from marketers may in the near future be numbered. We hope for the best to come out of this legislative exercise. Good luck, MPs!

Note: for a related law on credit reporting agencies, you can check the draft Credit Reporting Agencies Bill from the Parliament’s website.

A Brief Note on Malaysia’s Payment Systems Act 2003

By: Sonny Zulhuda

Introduction

Malaysia regards electronic commerce as a powerful driver of national development and economic growth. This belief has been reinforced by the setting up of national policies and laws seeking to ensure that processes, tools and technologies are put in place to facilitate electronic commerce. Among those laws is the Payment Systems Act (‘PSA’) 2003 (Act 627), which came into force on 1st November 2003. It is the principal legislation that provides the framework for the regulation and supervision of payment systems and payment instruments in Malaysia.

When anticipating the birth of this law, the Central Bank Governor emphasized that the study on the legal and regulatory framework was undertaken to enhance the efficiency of the payment system and specifically to provide the mandate for the Central Bank of Malaysia to effectively oversee and facilitate greater development of such systems in the country.

On Why Bloggers Rule and What Rules the Bloggers (An Abstract)

By: Sonny Zulhuda

The Internet is now a common platform for over one billion users in the world who exchange information, trade communications and transact commerce every now and then. This is the realization of what the website founders initially sought to achieve, i.e. two-way communication in cyberspace where writing information should be as simple as reading it.

At the heart of this phenomenon is now the web log, or blog. The blog is not merely a new technology; it is now a trend. Individuals use blogs to express their feelings. Companies engage in corporate blogging, where they capture beneficial information to upgrade their services and achieve corporate objectives, and where marketers capture potential customers while advertising their products. And most pressing of all, the blog is now an alternative to the conventional media industry, where individuals easily publish reports of incidents accompanied by their comments and views while getting rid of the editorial and spatial barriers of conventional media. People now often refer to online blogs to get information on ongoing incidents from day to day. Given this situation, the luxury of information is now something of the past.

Consumer Protection in the E-Transaction: Better (Too) Late than Never (An Abstract)

By: Sonny Zulhuda*

Malaysia has for over a decade regarded Information and Communications Technology (ICT) as a powerful tool and engine for future growth. Related investments and development projects have been dramatically boosted, and other industrial and social infrastructures have also gained attention.

The consumer side, however, has a different story. While many consumer concerns were addressed and gradually solved with the coming into force of the Consumer Protection Act (CPA) 1999, one major aspect of consumer protection is somehow lagging behind. Malaysia’s CPA 1999 makes it clear that its provisions do not apply to those transactions effected by electronic means. This in turn results in an absurd situation. As one scholar noted, it is absurd to find that while one can be compensated for a loss due to defective goods or services obtained from a normal transaction, the same cannot be guaranteed for the transaction he or she entered into electronically. What, then, is the protection offered by law in Malaysia for e-transaction consumers? The truth is that there is currently no comprehensive legal framework for protecting e-transaction consumers. It is argued that the law is in a changing and developing mode.

CSR in Cyberspace: A Quest for the Missing Link (An Abstract)

By: Sonny Zulhuda *

The tremendous participation of companies in the technological race and in exploiting cyberspace is often marked by over-excitement and a sense of lawlessness. This sense is mistaken if it leads one to regard cyberspace as a space without rules. The fact remains that there are rules in cyberspace just as people have rules in the real physical world.

When it comes to the notion of corporate social responsibility (‘CSR’), the matter may become more confusing: what kind of responsibility could companies have, and to whom do they owe such responsibility? Assume that an online business entity does not have a physical presence, is not physically registered, and is therefore not legally incorporated: does it assume a corporate status that subjects it to CSR? As for the incorporated ones, questions may arise as to what responsibilities they bear when embarking on the online environment and to whom those responsibilities are owed.

Mind Your Corporate Data – And Who They May Actually Belong to (An Abstract)

By: Sonny Zulhuda*

Information is the lifeblood of today’s business, and corporate citizens cannot agree more on this in the present fiercely competitive world, where the source of power has to be redefined and wealth creation needs to be re-identified. The raw data that in the past just remained in the archives has now become the goose that lays the golden eggs. These golden eggs are in the form of valuable information assets which companies exploit to generate their wealth.

Much of that raw data, however, does not exclusively belong to the companies who retain it. The customer database, for example, may be a collection of personal, financial and commercial information that originally belongs to individuals, either internal parties such as employees and shareholders, or external stakeholders including customers, business partners, and vendors/suppliers. Can companies regard it as their own property? This may be a contentious issue, depending on how the data was initially obtained: where, from whom, and in what manner or circumstances.

Information as Business Asset in the Globalized Economy: Legal and Judicial Notes (An Abstract)

By: Sonny Zulhuda*

In today’s globalized economy, the way people store, reformulate and process information, and eventually generate revenues out of it, has marked the shift of attention from raw-material-based and labor-exploiting business to information- and knowledge-based entrepreneurship. Information is increasingly becoming not only a buzzword for executives but also the goose that lays the golden eggs.

In response to this trend, this paper attempts to do two things: first, to revisit the notion of information as a business asset, and secondly, to analyze how the law responds to this notion. The first part seeks to reconfirm that information is the new big thing in today’s business, which is characterized by globalization, digitization and deregulation of rules. The second describes and analyzes how the law, notably at the judges’ hands, contributes to the strengthening of this notion through a tendency to recognize the proprietary status of information, something that is not so well established just yet.

Risks of Internet Banking vis a vis Consumer Protection in Malaysia (An Abstract)

By: Sonny Zulhuda *

Like other ICT inventions that promise both unprecedented benefits and frightening risks, Internet banking has been received with both excitement and worry. While it offers a high level of effectiveness, such as online fund transfers made as easily as from a customer’s home desktop, it also haunts many, as reflected in incidents involving theft of personal access codes, tracing of online footprints and intrusion into the online activities of other customers.

In Malaysia, Internet banking is still in its infancy, though the number of service providers is increasing. Unfortunately, some crucial areas are left unclear for Internet banking consumers. These include the distribution of liability between Internet banking stakeholders, the use of personal data of bank customers, and the low level of consumer protection provided by Internet banking operators. Furthermore, serious risks await consumers, since the country’s consumer protection statute is not applicable to commercial activities effected by information and communications technologies (ICT).
