Abstract
Malaysian Public Sector (MPS) organizations span laterally within all ten critical sectors outlined in the National Cybersecurity Policy (NCSP). Critical Information Infrastructure Protection (CIIP) initiatives are mainly driven by the overarching NCSP and the National Cybersecurity Strategy. Down the hierarchy, CIIP initiatives become more focused at the sectoral level. However, a dedicated CIIP framework for the MPS is currently unavailable thus giving an opportunity for research in this area. This paper explores current CIIP requirements pertinent to MPS sectoral needs. The method used is comparative analysis. In this paper, analyzed resources include international organizations requirements, key national policy documents, published official directives, circulars, guidelines and tools related to the MPS CIIP. The study findings have shown that risk management and resilience are among the emerging themes. A total of 21 external strategic requirements and 26 available internal resources are identified. A comparison of MPS Cybersecurity Framework (RAKKSSA) against NIST Cybersecurity Framework is also established to highlight CIIP. For future work, five recommendations are proposed as guidelines for developing MPS CIIP Framework.
