Cyber Security Act 2024 and linked Regulations to take effect from today

savemalaysia

Publish date: Mon, 26 Aug 2024, 06:04 PM

PETALING JAYA: The Cyber Security Act 2024 (Act 854) takes effect from Monday (Aug 26), says the Prime Minister's Office (PMO).

It said in a statement that the Prime Minister has set Monday as the effective date of the Act's implementation, adding that this was done in his capacity as the minister responsible for cybersecurity.

The PMO added in a statement that Monday is also the effective date for the following regulations made under the Act, which are the;

> Cyber Security Regulations (Duration for Cybersecurity Risk Assessment and Audit) 2024.

> Cyber Security Regulations (Cybersecurity Incident Notification) 2024.

> Cyber Security Regulations (Licensing of Cybersecurity Service Providers) 2024 and the

> Cyber Security Regulations (Offence Compounding) 2024.

It added in a statement that the above regulations were published in the Gazette on August 22.

The PMO then said that the Act enhances the nation's cybersecurity, and among other things provides for the establishment of the National Cybersecurity Committee (JKSN) and the duties and powers of the Chief Executive of the National Cybersecurity Agency (Nacsa).

This Act also provides for the functions and duties of the heads of the National Critical Information Infrastructure (NCII) sectors and NCII entities and the management of cybersecurity threats and cybersecurity incidents affecting NCII.

It also regulates cybersecurity service providers through licensing and provides for related matters.

Under the Cybersecurity Regulations (Duration for Cybersecurity Risk Assessment and Audit) 2024, it stipulates that an NCII entity that owns or operates an NCII must conduct a cybersecurity risk assessment at least once a year.

These Regulations also stipulate that an audit must be done at least once every two years or at a higher frequency as may be directed by the Chief Executive in any specific case.

Meanwhile, the Cybersecurity Regulations (Cybersecurity Incident Notification) 2024 require an authorised person from an NCII entity to immediately notify, via electronic means, of any cybersecurity incident that has occurred or may have occurred

Subsequently, the authorized person must submit initial details within six hours of the NCII entity becoming aware of the cybersecurity incident through the “National Cyber Coordination and Command Centre System” (“NC4 System”).

In addition, the authorised person for the NCII entity must provide additional information within 14 days through the “NC4 System”.

Aside from that, the Cybersecurity Regulations (Licensing of Cybersecurity Service Providers) 2024 will apply to individuals and companies that provide cybersecurity services related to Managed Security Operation Centre Monitoring Services and Penetration Testing Services.

Cybersecurity Regulations (Offence Compounding) 2024 provides for the compounding of offences, namely subsections 20(6), 20(7), 22(7), 22(8), 24(4), and 32(3).

https://www.thestar.com.my/news/nation/2024/08/26/cyber-security-act-2024-and-linked-regulations-to-take-effect-from-today

Discussions

Be the first to like this. Showing 0 of 0 comments

Featured Posts

MQ Trader

Introducing MY's First IPO Fund for Sophisticated Investors!

MQ Chat

New Update. Discover investment communities that resonate with your ideas

MQ Trader

M & A Value Partners IPO Equity Fund has been launched - Targeted 13% Return p.a

Latest Videos