In the modern digital economy, data has become the most valuable asset for organizations, but also their most vulnerable. Increasing threats such as ransomware, phishing, insider misuse, and accidental data leaks expose Malaysian businesses to severe risks of financial loss, reputational damage, and regulatory penalties. This 2-day training provides participants with a strong foundation in data security frameworks, best practices, and compliance requirements, including Malaysia’s Personal Data Protection Act (PDPA) 2010 and Bank Negara Malaysia (BNM) standards. Through case studies, group discussions, and response plan development, participants will learn to prevent data breaches, manage risks effectively, and build a security-focused culture across their organization. This HRD Corp (HRDC) Claimable Course (Previously Known as SBL-Khas) Is Delivered by a Penang-Based Training Provider Registered with HRD Corp (Formerly Known as HRDF), Specializing in Corporate Skills Development and Workforce Upskilling Across Malaysia. 100% HRD Corp Claimable | Penang Training Provider | Corporate Training Malaysia
DAY 1
Module 1: Introduction to Data Security
Importance of data as a business asset
Common threats: hacking, ransomware, insider threats, phishing
Local case studies: Malaysian data breach incidents
Module 2: Legal & Regulatory Landscape
Overview of PDPA 2010 (data security principle)
Risk Management Framework
Cybersecurity Malaysia frameworks & national strategies
Lunch
Module 3: Building a Data Security Framework
Governance and accountability
Data classification and access control
Encryption, backups, and secure disposal
Vendor and third-party risk management
Module 4: Practical Implementation
Developing security policies and procedures
Security awareness and staff training
Tools for monitoring and detection
Handling Data Subject Access Requests (DSARs) with security in mind
Activity : Group Discussion & Presentation
DAY 2
Module 5: Threats, Risks & Vulnerabilities
Identifying vulnerabilities (technical, human, organizational)
Cyber risk assessment methods
Activity : Red team vs. blue team exercises (discussion-based)
Module 6: Data Breach & Incident Management
Breach identification and containment
Notification requirements (PDPA and regulator expectations)
Communication strategy – customers, regulators, and media
Post-breach review & lessons learned
Lunch
Module 7: Governance & Best Practices
Embedding data security in corporate governance
Continuous monitoring, auditing & reporting
Integration with global compliance frameworks
Building a security culture across departments
Module 8: Case Study & Group Presentation
Malaysian breach case analysis
Activity : Teams design a Data Security Response Plan
Presentation & trainer feedback
