WORKSHOP: CRITICAL SECTOR AUDITING AND RISK ANALYSIS

Malaysian National Cyber Security Agency (NACSA) in cooperation with the EU CyberNet, is organising a three-day workshop on Critical Sector Auditing and Risk Analysis from 20 to 22 May 2026 in Putrajaya, Malaysia.

The workshop is designed to strengthen cybersecurity audit readiness, compliance, and risk analysis capabilities for Malaysia’s national critical information infrastructure (NCII) sectors. The programme will combine conceptual frameworks, practical case discussions, and interactive sessions, with reference to Malaysia’s Cyber Security Act 2024 [Act 854], relevant international standards, and European cybersecurity audit and risk management practices.

The workshop will be conducted in two formats:

• Day 1 — Public Audience Session: involving all 43 Sector Leads, NACSA representatives, and relevant technical participants.
• Day 2 and Day 3 — NACSA Closed Sessions: dedicated to NACSA personnel only, focusing on detailed audit approaches, technical discussions, practical exercises, and internal capacity building.

The purpose of the workshop is to enhance participants’ understanding and practical capability in conducting cybersecurity audits and risk analysis for critical sectors.

The first day will provide a wider platform for all 43 Sector Leads to understand statutory obligations, cybersecurity audit and compliance expectations, sector readiness, and the role of audit in strengthening NCII resilience.

The second and third day will be conducted as closed sessions for NACSA personnel only, focusing on deeper technical knowledge, audit methodologies, risk-based approaches, compliance-based audits, technical assessments, inspection and verification, continuous improvement, and practical audit exercises.