
Code of Practice


Code of Practice for Critical Information Infrastructure (CII)

This Code of Practice for CII serves as a cornerstone for enhanced cybersecurity across critical infrastructure sectors. By adhering to its outlined best practices, CII owners can significantly reduce cyber risks and ensure the continued resilience of our national critical infrastructure.

The Code of Practice for CII complements the Cybersecurity Order 2023 by providing practical guidance for CII owners to comply with its potential provisions. Here's a breakdown of the alignment:


Governance and Leadership: The code emphasizes leadership accountability, which likely mirrors requirements within the cybersecurity order for CII owners to designate a cybersecurity officer or establish a dedicated security team.

Identification and Classification: The code's focus on identifying critical assets aligns with the order potentially mandating CII owners to conduct risk assessments and classify critical infrastructure elements.

Protection and Detection: The code's recommendations for robust security measures likely echo provisions within the order outlining minimum security controls for CII systems.

Response and Recovery: The code's emphasis on incident response plans aligns with the order potentially mandating CII owners to develop and test such plans for timely cyberattack response.

Building Cyber Resilience: The code's focus on cybersecurity awareness and continuous improvement likely reflects similar requirements within the order for CII owners to implement staff training programs and conduct regular vulnerability assessments.

Queries and feedback on this document may be submitted here.

