PPWG (Protection Profile Working Group) Workshop at the Lexis

On the 10th – 11th October 2013, we had a meeting of all the Protection Profile Working Groups (PPWG) in Lexis Hotel, Port Dickson.

The PPWG is an initiative under Thrust 3: Cyber Security technology framework of the National Cyber security policy (NCSP), which in turn is to address cyber risks pertaining to Malaysia’s Critical National Information Infrastructure (CNII). 4 PPWGs were established

1. Data Protection

2. Network Devices

3. Application

4. Smart Card and related devices

The idea behind this was to set up standards and frameworks for developers to adhere to, to ensure information security is embedded in the system, instead of tacked on. We are, in all aspirations, like the National Institute of Standards and Technology (NIST) in the US.

PKF Avant Edge was formerly invited at the beginning of this year to be part of the PPWG3 group, comprising representatives from MIMOS, Cybersecurity, IRIS, Bank Negara and a few other private companies. In our first meeting, there were several representatives from the industries aside from the ones named above; but by the time this workshop rolled in, and after several iterations of all day meetings to discuss on the standards and protection profile for banking applications; we were the only ones left.

The idea behind PKFAE’s participation and our continuous support for the PPWG is not so much for profit, than for our philosophy. We don’t get anything out of it. The meetings are all day, 9 – 5 in Technology Park, in MIMOS’ HQ, and PKFAE’s representative is the managing director himself, not any other member of the company. So time cost’s perspective, it doesn’t really make too much sense for us to be part of it. But our philosophy has always been to balance profitability and responsibility. These are reasons why we give free workshops on Personal data protection act and project management; why we give free talks and industry contribution to universities; why we spend time engaging the government and educational societies in bringing information security awareness: we don’t get paid at all, and yet we do it. The underlying idea is to contribute back to the industry in which you are part of. If not in charity or donations, then in time and value. It does sound utopian, but we started the company with these basic tenets, so why not just continue on?

As such, aside from the government agencies, we are one of the few, if not the only consulting firm that is participating in our PPWG. It takes a lot of hard work and sacrifice, as well as doing something without any fees. We are not looking for any reward, but simply as something we need to be part of, as the basic form of our existence.

Once in a while, it’s still nice to get away from it all to Port Dickson, of course.

Good View from my room

Session ongoing from one of the PPWG

Leave a Reply