Seksyen 1
(1)
Peraturan-peraturan ini bolehlah dinamakan Peraturan-Peraturan
Keselamatan
Siber
(Tempoh bagi
Penilaian
Risiko
Keselamatan
Siber dan Audit) 2024.
/akn/my/act/pua/2024/219
The full official text, structured for quick navigation. Copy any provision or jump straight to a section.
Quick answer
PERATURAN-PERATURAN KESELAMATAN SIBER (TEMPOH BAGI PENILAIAN RISIKO KESELAMATAN SIBER DAN AUDIT) 2024 is Malaysia P.U. (A), cited as P.U. (A) 219 2024, currently marked in force and first recorded in 2024.
Opening note
Peraturan-peraturan ini bolehlah dinamakan Peraturan-Peraturan
Keselamatan
Siber
(Tempoh bagi
Penilaian
Risiko
Keselamatan
Siber dan Audit) 2024.
Dalam Peraturan-Peraturan ini, “risiko keselamatan siber” ertinya risiko bahawa kerentanan dalam keselamatan siber bagi infrastruktur maklumat kritikal negara boleh dieksploitasi oleh ancaman keselamatan siber atau insiden keselamatan siber.
Tempoh menjalankan penilaian risiko keselamatan siber dan audit
Suatu entiti infrastruktur maklumat kritikal negara yang memiliki atau mengendalikan suatu infrastruktur maklumat kritikal negara hendaklah—
membuat penilaian risiko keselamatan siber sekurang-kurangnya sekali setahun; dan
menjalankan audit sekurang-kurangnya sekali dalam tiap-tiap dua tahun atau pada kekerapan yang lebih tinggi sebagaimana yang boleh diarahkan oleh Ketua Eksekutif dalam mana-mana hal tertentu.
Dibuat 16 Ogos 2024
[MKN(S).10.600-9/2/4 Jld.9 (6); PN(PU2)768]
DATO’ SERI ANWAR BIN IBRAHIM
Perdana Menteri
P.U. (A) 219 3
CYBER SECURITY ACT 2024
CYBER SECURITY (PERIOD FOR CYBER SECURITY RISK ASSESSMENT AND AUDIT)
REGULATIONS 2024
Opening note
These regulations may be cited as the
Cyber
Security
(Period for Cyber Security Risk Assessment and Audit) Regulations 2024.
These Regulations come into operation on 26 August 2024.
Interpretation 2.
In these
Regulations,
“cyber security risks”
means the risks that a vulnerability in the cyber security of the national critical information infrastructure may be exploited by a cyber security threat or cyber security incident.
Period to conduct cyber security risk assessment and audit 3.
A national critical information infrastructure entity owned or operated a national critical information infrastructure shall—
carrying out an audit at least once in every two years or at such higher frequency as may be directed by the Chief Executive in any particular case.
Made 16 August 2024
[MKN(S).10.600-9/2/4 Jld.9 (6); PN(PU2)768]
DATO’ SERI ANWAR BIN IBRAHIM
Prime Minister