Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
41 RECOMMENDATION #6: INCIDENT RESPONSE PROCESSES MUST BE IMPROVED FOR MORE EFFECTIVE RESPONSE TO CYBER ATTACKS ................................................................................................................ 313 41.1 Incident response plans must be tested with regular frequency before areal incident occurs ............................................................................................. 313 41.1.1 Testing of incident response plans is critical ................................................. 314 41.1.2 Employees must be made aware of the procedures in place for reporting security incidents ............................................................................................ 316 Predefined modes of communication must be used during incident response ....................................................................................................... 319 Correct balance must be struck between containment, remediation and eradication, and the need to monitor an attacker and preserve critical evidence ....................................................................................................... 321 Information and data necessary to investigate an incident must be readily available. ...................................................................................................... 323 An Advanced Security Operation Centre or Cyber Defence Centre should be established to improve the ability to detect and respond to intrusions ........ 324 41.5.1 Importance of a proactive defence strategy .................................................... 324 41.5.2 Overview of an Advanced Security Operations Centre .................................. 325 41.5.3 Features of an ASOC ...................................................................................... 328 42 RECOMMENDATION #7: PARTNERSHIPS BETWEEN INDUSTRY
