COI Report – Part IV Page 162 of 425 implemented, but Katherine decided to bypass the usual procedure as manually terminating the queries was too time-consuming. 507. The script was completed and implemented at around midnight on 5 July 2018. Following its implementation, there were no alerts from the script. 26.13 Changing the password of the AA. account 508. On the evening of 4 July 2018, Kelvin recommended to Henry that the password for the AA. account should be changed. Henry agreed, but on the condition that the password change be tested in the development environment of the SCM system before being implemented in the production environment. 509. Kelvin proceeded to change the password for the AA. account on the night of 4 July 2018 in the development environment of the SCM system. The change was subsequently implemented in the production environment on 8 July 2018. 26.14 Assessment of IHiS’ incident response on 4 July 2018 510. The Committee commends Sze Chun for his initiative. Notwithstanding the fact that that security was not within Sze Chun’s usual job scope and that he was unaware of any written procedure for responding to and reporting security incidents, he responded quickly and thoroughly upon noticing something unusual. He went so far as to terminate the unusual queries, and to locate the workstations from which the queries were being run. Sze Chun’s actions exemplify an important principle of cybersecurity as identified by Dr Lim Woo Lip – that cybersecurity is the problem of every member of an organisation, and should not just be left to the dedicated security staff to handle. 511. Benjamin too was acting with a high degree of initiative and autonomy. That said, the process by which he communicated the results of his investigations to the rest of the SMD could be improved. For instance, Ernest and Wee were unable to understand the slides sent to them, as the slides were sent without
