Why read this report

The core purpose of Bank Negara Malaysia (the central bank) was to help Malaysian Financial institutions establish necessary frameworks, policies, and procedures to ensure that the institutions maintain their cyber exposure. The plan was to provide banks with guidance on how their IT security ought to be strengthening.

This report focusses on the client, a leading bank in Malaysia, that has over 60 branches, serving the banking needs of corporate, commercial, and institutional clients, wanted to make sure that they are compliant with the central banks’ mandatory guidelines, policies, and procedures.

Key takeaways:

  • Conduct Risk framework – To Identify the risks involved in the bank’s technology framework
  • To prevent security incidents or service outages that could disrupt business activities within the bank and its branches across different regions within the country.
  • To adhere to industry level best practices that will help secure the bank’s infrastructure and ensure hackers do not gain access to the bank’s database systems.
  • Ensure that in the future, the bank can withstand, respond, and recover from a data breach.
  • To conceptualize and design a blueprint that defines the security structure of the bank



SituationServices deliveredSolutionResults


The Risk Management in Technology (RMiT) policy published by Bank Negara’s intention was to formalize the development of consistent risk management programs in all Malaysian Financial institutions. Hence, to ensure they comply with the central bank’s mandatory guidelines of cybersecurity, client then engaged EC-Council Global services, to carry out a gap assessment and meet these challenges.

Any financial institution’s core focus is data security. The issue the client faced was that they lacked documentation of risks from different stakeholders. Looking at these factors, the entire operation had to be completed by our security experts in six weeks to ensure the business continuity of the bank.

Services delivered

Our team of security consultants worked around the clock, including on non-business days, to meet this stringent timeline. The consultants conducted a gap analysis, ethically looking into the customer’s IT infrastructure and security vulnerability and have come up with a set of guidelines specifically for the bank:

Gap analysis of people, process, and technology with reference to RMIT guidelines, provide detailed reports about the company’s current posture.
A roadmap with timelines for the bank to follow to comply with the guidelines set by Bank Negara.
Technology Risk Management Framework according to the requirements of RMiT.
Cyber Resilience Framework aligned with the requirements of RMiT.
Enterprise Architecture Framework aligned with the requirements of RMiT.
Cybersecurity Strategy aligned with the Business and IT Strategy.


Due to due diligence and customer value mindset, EC-Council was able to deliver the services within the given timeframe. The compliance report submitted had a comprehensive analysis of individual risks covered, following a remediation plan with the timelines.
Detailed recommendations were provided to the bank on ways to improve.

  • They divided into two plans – Tactical recommendations for immediate development and long-term strategic suggestions for improvement to implement within the timelines defined by the organization by following its risk capacity. That was to perform within the timeframe established by the organization.
  • According to the risk register, risk categories into low, medium, and critical brackets. The client was provided with detailed and comprehensive remediation procedures and solutions to implement.


Committee members of the central bank accepted the report, and the customer is deemed compliant with the mandatory regulatory guidelines. On applying the suggested comprehensive solutions, the post-evaluation results found the customer’s security risk status to be stable, and its infrastructure in compliance with the industry’s best practices and standards.

Engage with EGS: Gain greater confidence in your cybersecurity decisions by working with EC-Council Global Services’ thought leaders to apply our solutions to your specific business and technology initiatives.

Posture Assessment Survey

An independent expert assessment of the current state of information security environment is conducted against global standards and leading industry practices to measure the overall cybersecurity maturity of your organization.
Connect with us to take this FREE 15-Minute Survey. This will be followed by a remediation plan of the identified gaps and the development of a roadmap for transformation.

FREE Phishing Simulation

To assess your organization’s human error vulnerabilities, take OhPhish’s FREE subscription to run simulated Phishing attacks and get a detailed actionable report.
OhPhish is the fastest growing integrated platform for security awareness training. You can train your users, phish them, review results and repeat to ensure your company is on top of this game.

Vulnerability Assessment & Penetration Testing (VAPT)

EGS offers a broad range of network infrastructure, web applications, and mobile application security assessment services designed to detect and gauge security vulnerabilities. Take the FREE VAPT for up to 10 external IPs, worth USD 5000 and get a customized report!

[email protected]