Table of contents exchange of letters with the minister executive summary



Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 244 of 425

707. In addition, another issue as regards appropriate decision-makers and the potential for conflict which needs addressing is one observed by CE, CSA. The security team in IHiS (i.e. the Security Management Division) is embedded as a sub-unit of Infrastructure Services within the Delivery Group. This may result in a misalignment of objectives. Given that the core mission of the Infrastructure Services and the Delivery Group is to provide IT services to the Clusters, security-related workstreams might be overlooked in favour of service delivery objectives. Moreover, the SMD may be too far detached from the key decision-makers such as the Cluster’s GCEO and GCIO, and the IHiS CEO. This dilutes the authority and effective control of decision-makers over the SMD, to ensure that their day-to-day functions are executed properly.
708. The experts have also raised concerns with the current structure. In Dr Lim’s expert opinion, there is potential for conflict when IT implementation and IT security come under the same team and same reporting structure. Gen. Alexander recommended that the cybersecurity team in an organisation should have a direct reporting line to the CEO – “[b]y elevating it to the CEO, what the CEO is made aware of is the risks that go beyond operations of the actual IT platform into the security of the platform”.
709. Hence, the current structure should be changed such that the SMD has a direct reporting line to CEO, IHiS.
36.4.1 Ensuring appropriate management visibility
710. Another example is that of ensuring appropriate management visibility when it comes to security incidents. Management visibility is important – only by being well-informed will management be able to react in time and appropriately. It is unrealistic to expect a leader to know everything and to know it all the time. However, processes and tools should be available to allow management to have as much visibility as possible over security incidents.
711. For example, Vivek’s expert opinion is that it would be helpful to put in place a management dashboard that covers not only security incidents which


