Cyber Hygiene Security Framework

  Cyber Hygiene Security Framework program is a first co-investment initiative by MSC Cyberport Johor (Malaysia), CREST-International and iTGRC Asia started in March 2018. The ...

Collaboration among strong and reputable market players, for a vision of Cyber Security reinvent to meet the Cyber Hygiene standard in ASEAN region. CHSF aims to develop an adaptable framework to close the gaps of cyber security standards among the confusion and complexity.

Cyber Hygiene Security Framework program is a first co-investment initiative by MSC Cyberport Johor (Malaysia), CREST-International and iTGRC Asia started in March 2018. The objective is to create a cyber security standard that meets the international requirements, yet easily adopted by markets in accordance to domestic conditions such as; economies of scale, culture, consumer behavior, business practices, local regulatory requirements etc.
It’s aims to increase the awareness of cyber risk, internet security and business resilience to cyber exposure (crime and attack, external and internal). Nevertheless, factors such as cost, market competencies, industries trends, government or regulatory requirements play a significant role in driving its success in the region. Whether it's for individual, government and public sectors, SME or corporate Cyber Hygiene program sets its goals at making cyber-security affordable, achievable, market oriented, segments targeted as well as recognized and respectable
Gain a lot more mileage for your business by staying cyber secured and resilient with cyber hygiene program. Let your customers keep coming back to you.
Come and experience Cyber Hygiene program with us. Contact us at email at to find out more



The following captures excerpt from multiple open sources about Cyber Hygiene (Disclaimer).
"... Cyber hygiene is a fundamental principle relating to information security and, as the analogy with personal hygiene shows, is the equivalent of establishing simple routine measures to minimise the risks from cyber threats. The underlying assumption is that good cyber hygiene practices can drive increased immunity across businesses reducing the risk that one vulnerable organisation will be used to either mount attacks or compromise a supply chain..."
A good cyber hygiene practices stems from a standard approach
Unfortunately, these good practices are rarely fully implemented across business sectors and this creates a gulf between the “theoretical” guidance from the standards and the “practical” experience of small-medium business owners and managers. This, thus has led to some confusion between standards.
Cyber Security Awareness
Organisations without a dedicated, and separate, IT function demonstrated very limited understanding around cyber security. On a business to business line where all organizations operate, be it large or small, there is a tendency to implement controls as required by contracts and for business to customer organisations, there doesn’t appear to be a clear driver around why security adds value. This has been apparent among small and media business, thus making them abandon the needs to secure their valuable assets and protecting their business and their relationship with customers.
Conflicting and Competing regulatory requirements, and policy 
Although there is foundational overlap between the various national standards, there are sufficient differences that most small and media organisations, especially those without dedicated IT resources, find it challenging to map between standards. As as result, the scenario creates challenges for organisations seeking to deliver goods or services across geographical borders, part of the larger supply chain, assuming compliance in one country isn’t the same as compliance in another.
Cost elements of Cyber Security appear to be expensive and unjustifiable for it's priority over others
Profitability and profit margins are the overwhelming concern for every business today. The perception that following any sort of good security practices will eat up the profits instead of giving them the cutting edge to win in the market. 
In view of the cost, it's is likely to be the ultimate deciding factor for any organisation considering adopting a cyber hygiene program. While the lifetime cost of any program might be significantly less than the cost of a breach, which is far more than the cost of implementation and maintenance, it is still unlikely to sway small businesses concerned about immediate cashflow.

Cyber Hygiene Security Framework (CHSF)

CHSF primary scheme places emphasis on the rationale to reduce the complexity of adoption. It presents the fundamental risk assurance to do business within domestic market or across the border. CHSF primary rides on the two key pillars of NIST framework and places emphasis on "Identify and Protect". It focuses on business needs and priority, key assets of an organization such as users, devices, data storage. The protection pillar covers the basic secured-configuration of devices, firewall or gateway, and further enforce data security through data access control and account/password management. 
Do not hesitate to contact us at to find out more. 
The Cyber Hygiene Security Framework for ASEAN is powered by CREST-International, MSC Cyberport Malaysia and iTGRC Asia. 

Extract are from open sources such as NIST/ENISA and several others. All copyright reserved. Please refer to their respective sites for terms, Legal and private statement. Where in doubt or any query, please contact us at email:



iTGRC Asia Pte Ltd

+65 9338 0000


+65 6818 0801

By submitting your information to iTGRC Asia Pte Ltd, you have agreed to our Privacy Statement